[
https://issues.apache.org/jira/browse/RANGER-704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14968487#comment-14968487
]
Alok Lal commented on RANGER-704:
---------------------------------
Point taken.
But then what is the alternative proposal? We want the service disablement be
a noop? If so, what is the rationale of that other than that legacy behavior?
To take a step back, what is the point of disabling a service?
> Service enable/disable should refresh the policies in the plugins
> -----------------------------------------------------------------
>
> Key: RANGER-704
> URL: https://issues.apache.org/jira/browse/RANGER-704
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
>
> When a service is disabled, the plugins should be refreshed with empty policy
> list - as if no policy exists in the service. In this case, the components
> like HDFS and YARN will enforce component ACLs (since fallback is set to true
> by default); other components will deny any access - since there is no policy
> exists to allow any access. And when the service is enabled, the plugins
> should be refreshed with the policies in the service. To achieve this:
> - the policyVersion associated with the service should be incremented
> whenever the service is enabled or disabled. So that the next policy refresh
> call will send updated policy list
> - the policy refresh implementation should return empty policy list when
> service is disabled
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
