[
https://issues.apache.org/jira/browse/RANGER-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14695975#comment-14695975
]
Balaji Ganesan commented on RANGER-612:
---------------------------------------
Can the fallback be configurable? Can user choose to fallback on HDFS ACLs even
if Ranger has a policy? Basically the idea is underlying file system could have
permissions managed externally and can decide whether users gets access to data
or not. This may defeat the centralized security mode, but many corporate
systems having disparate ACLs which are not connected.
> Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger
> policy to determine the authorization
> ---------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-612
> URL: https://issues.apache.org/jira/browse/RANGER-612
> Project: Ranger
> Issue Type: Sub-task
> Components: plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently (ranger-0.5), Ranger HDFS plugin does a fallback to hadoop-acl when
> Ranger policies do not allow the requested access. This should be updated to
> fallback only when Ranger policies do not determine the authorization i.e.
> there is no Ranger policy to either ALLOW or DENY the access. This fix is
> required to support scenarios where Ranger policies can DENY the access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
