[
https://issues.apache.org/jira/browse/RANGER-704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14968395#comment-14968395
]
Dilli Dorai Minnal Arumugam commented on RANGER-704:
----------------------------------------------------
Agree with [~bganesan].
This fix would make the service server (even hdfs, if fallback has been
disabled) effectively getting locked out.
Doubt whether this is the right thing to do.
> Service enable/disable should refresh the policies in the plugins
> -----------------------------------------------------------------
>
> Key: RANGER-704
> URL: https://issues.apache.org/jira/browse/RANGER-704
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
>
> When a service is disabled, the plugins should be refreshed with empty policy
> list - as if no policy exists in the service. In this case, the components
> like HDFS and YARN will enforce component ACLs (since fallback is set to true
> by default); other components will deny any access - since there is no policy
> exists to allow any access. And when the service is enabled, the plugins
> should be refreshed with the policies in the service. To achieve this:
> - the policyVersion associated with the service should be incremented
> whenever the service is enabled or disabled. So that the next policy refresh
> call will send updated policy list
> - the policy refresh implementation should return empty policy list when
> service is disabled
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
