[
https://issues.apache.org/jira/browse/RANGER-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14695995#comment-14695995
]
Don Bosco Durai commented on RANGER-612:
----------------------------------------
The confusion I am having is the terminology or overload of the term policy. It
seems, both Balaji and I are interpreting this has policy (page) for the
resource.
[~madhan.neethiraj], it seems that you referring to the individual policy
items. I.e. after execution all Ranger policies/policy items and if don't find
any "allow" policy, then we check with HDFS to see if it has any.
My understanding was, this is how it was always implemented. What has changed
recently?
> Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger
> policy to determine the authorization
> ---------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-612
> URL: https://issues.apache.org/jira/browse/RANGER-612
> Project: Ranger
> Issue Type: Sub-task
> Components: plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently (ranger-0.5), Ranger HDFS plugin does a fallback to hadoop-acl when
> Ranger policies do not allow the requested access. This should be updated to
> fallback only when Ranger policies do not determine the authorization i.e.
> there is no Ranger policy to either ALLOW or DENY the access. This fix is
> required to support scenarios where Ranger policies can DENY the access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
