[
https://issues.apache.org/jira/browse/RANGER-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14695935#comment-14695935
]
Don Bosco Durai commented on RANGER-612:
----------------------------------------
[[email protected]], what if there are no deny policies or policy items, in
this case do we go to HDFS level? What if there are split permissions. Ranger
has part and there are few in HDFS?
> Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger
> policy to determine the authorization
> ---------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-612
> URL: https://issues.apache.org/jira/browse/RANGER-612
> Project: Ranger
> Issue Type: Sub-task
> Components: plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently (ranger-0.5), Ranger HDFS plugin does a fallback to hadoop-acl when
> Ranger policies do not allow the requested access. This should be updated to
> fallback only when Ranger policies do not determine the authorization i.e.
> there is no Ranger policy to either ALLOW or DENY the access. This fix is
> required to support scenarios where Ranger policies can DENY the access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
