[
https://issues.apache.org/jira/browse/RANGER-704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-704:
------------------------------------
Description:
When a service is disabled, the plugins should be refreshed with empty policy
list - as if no policy exists in the service. In this case, the components like
HDFS and YARN will enforce component ACLs (since fallback is set to true by
default); other components will deny any access - since there is no policy
exists to allow any access. And when the service is enabled, the plugins should
be refreshed with the policies in the service. To achieve this:
- the policyVersion associated with the service should be incremented whenever
the service is enabled or disabled. So that the next policy refresh call will
send updated policy list
- the policy refresh implementation should return empty policy list when
service is disabled
was:
When a service is disabled, the plugins should be refreshed with empty policy
list - as if no policy exists in the service. In this case, the components like
HDFS and YARN will enforce the ACLs of the And when the service is enabled, the
plugins should be refreshed with the policies in the service. To achieve this:
- the policyVersion associated with the service should be incremented whenever
the service is enabled or disabled. So that the next policy refresh call will
send updaetd policy list.
- the policy refresh implementation should return empty policy list when
service is disabled
> Service enable/disable should refresh the policies in the plugins
> -----------------------------------------------------------------
>
> Key: RANGER-704
> URL: https://issues.apache.org/jira/browse/RANGER-704
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
>
> When a service is disabled, the plugins should be refreshed with empty policy
> list - as if no policy exists in the service. In this case, the components
> like HDFS and YARN will enforce component ACLs (since fallback is set to true
> by default); other components will deny any access - since there is no policy
> exists to allow any access. And when the service is enabled, the plugins
> should be refreshed with the policies in the service. To achieve this:
> - the policyVersion associated with the service should be incremented
> whenever the service is enabled or disabled. So that the next policy refresh
> call will send updated policy list
> - the policy refresh implementation should return empty policy list when
> service is disabled
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
