Ozone
This topic describes known issues and workarounds for using Ozone in this release of Cloudera Runtime.
- A user with ALL Access in Ranger cannot list volumes created by other users
-
When
ozone.acl.enabled=True
andozone.administrators
are defined, ACL checks such as volume create and list volume are not sent to the configured authorizer plug-in such as Ranger or NativeOzoneAuthorizer; instead, they are based on the Ozone Manager'sozone.administrators
configuration.As a result, if you set the authorizer policy to allow certain user to create or list volumes, the request is not honored.
- The Recon web user interface shows incomplete information about Ozone volumes, buckets, and keys
-
In a secure cluster with High Availability for Ozone Manager enabled, if Recon is not configured with the correct server principal of the Ozone Manager, it cannot receive updates from Ozone Manager on a regular basis. Therefore, the Recon web user interface shows incomplete information about volumes, buckets, and keys.