Dear Ozone community developers and users,

During a recent use case support, we found that when creating a new key, the current Ozone client will create the default ACLs for the login user and all its groups, both with "ALL" privileges. This default behavior has led to two problems:

(a) Security unsafe. Say UserA is in the groups "project A" and "APAC employee". If UserA creates a new file for project A, then all other users in the "APAC employee" group will have full control of this file, which is usually not expected.

(b) If a user is in hundreds of groups, then there will be hundreds of ACLs created and saved as metadata of this key, which will consume unnecessary network bandwidth, raft log, and rocksdb space. This is an example, the groups of my account in macOS; only a few groups are valuable to end users.

"staff everyone localaccounts _appserverusr admin _appserveradm _lpadmin com.apple.sharepoint.group.2 com.apple.sharepoint.group.3 _appstore _lpoperator _developer _analyticsusers com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh com.apple.access_remote_ae com.apple.sharepoint.group.1"

With JIRA HDDS-11656 <https://issues.apache.org/jira/browse/HDDS-11656>, the default ACL behavior will change from currently creating an ACL with "ALL" permission for each group of the user, to only creating one ACL with "READ, LIST" permission for the user's primary group. As for creating an "ALL" permission ACL for the user, it's not changed and remains the same.

Using the above UserA case as an example, if the "project A" group is the primary group of this user, then when UserA creates a new file, UserA will have full control of this file with an ACL "ALL" permission, group "project A" will have the read and list permission on this file, and group "APAC employee" will have no permission on this file. Since UserA has full control of this file, if the group "APAC employee" really needs to access this file, UserA can explicitly add an ACL for the group "APAC employee" later.

Native ACL is used by many community users. Please let me know if there is any concern about this behavior change.

Thanks,
Sammi
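A small Python model of the two default-ACL policies described above, added here as an illustration and not Ozone's own code; the ACL bit values, the principal names and the simplified `allowed` check are assumptions of this example, not Ozone's actual implementation.

```python
from dataclasses import dataclass
from typing import FrozenSet, List

# Simplified ACL rights as bit flags (assumed values, not Ozone's ACLType).
READ, WRITE, CREATE, LIST, DELETE = 1, 2, 4, 8, 16
ALL = READ | WRITE | CREATE | LIST | DELETE


@dataclass(frozen=True)
class Acl:
    kind: str    # "user" or "group"
    name: str
    rights: int  # bitmask of the flags above


@dataclass(frozen=True)
class Principal:
    user: str
    primary_group: str
    groups: FrozenSet[str]  # all groups, including primary_group


def default_acls_old(p: Principal) -> List[Acl]:
    """Pre-HDDS-11656 default: ALL for the creator and ALL for every group."""
    return [Acl("user", p.user, ALL)] + [Acl("group", g, ALL) for g in sorted(p.groups)]


def default_acls_new(p: Principal) -> List[Acl]:
    """HDDS-11656 default: ALL for the creator, READ+LIST for the primary group only."""
    return [Acl("user", p.user, ALL), Acl("group", p.primary_group, READ | LIST)]


def allowed(acls: List[Acl], p: Principal, right: int) -> bool:
    """True if some ACL matching p's user name or one of p's groups grants all bits of `right`."""
    return any(
        ((a.kind == "user" and a.name == p.user) or (a.kind == "group" and a.name in p.groups))
        and (a.rights & right) == right
        for a in acls
    )


def grant(acls: List[Acl], kind: str, name: str, rights: int) -> List[Acl]:
    """The explicit follow-up grant the creator can add, e.g. read access for a second group."""
    return acls + [Acl(kind, name, rights)]


# Constructed sample principals matching the UserA / "APAC employee" scenario.
user_a = Principal("userA", "project A", frozenset({"project A", "APAC employee"}))
user_b = Principal("userB", "APAC employee", frozenset({"APAC employee"}))

if __name__ == "__main__":
    old, new = default_acls_old(user_a), default_acls_new(user_a)
    print(allowed(old, user_b, WRITE))   # problem (a): a mere co-member gets full control
    print(allowed(new, user_b, READ))    # new default: no access for the non-primary group
    print(allowed(grant(new, "group", "APAC employee", READ), user_b, READ))  # explicit grant
```

Running the block prints True, False, True; a principal in 300 groups yields 301 ACLs under the old default and 2 under the new one, which is problem (b).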