ranger-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Authorization for policy downloads
Date Tue, 02 May 2017 15:50:37 GMT
Hi all,

A quick question for something that is puzzling me. I can download policies
from the Admin service with no credentials like e.g.:

curl -v http://localhost:6080/service/plugins/policies/download/cl1_hadoop

However, when my kerberized HDFS plugin tries to pull policies down (as the
"hdfs" user), I get an authorization error that the user is not allowed to
download the policies. I have to edit the "cl1_hadoop" configuration and
add the "hdfs" user to the "policy.download.auth.users" property.

Why is this step necessary when I can just download the policies with no
credentials with curl? Are we looking at a security issue here?


Colm O hEigeartaigh

Talend Community Coder
