Re: Ozone Native ACL default ACL behavior change

2024-11-25 Thread Sammi Chen
Hi Kohei, Thank you for the feedback. The new approach will change the default "ACCESS" type group ACL numbers when a volume/bucket/key is created. These "ACCESS" type group ACLs cannot be inherited. The "DEFAULT" type group ACLs on the buckets/volumes, explicitly set by the users, will still be i

Re: Ozone Native ACL default ACL behavior change

2024-11-25 Thread Kohei Sugihara
Hi Sammi, We're running Ozone with Native ACL via S3 API. Reducing and limiting the default ACL is the correct and secure way. Still, we're afraid that removing ALL and other groups from Key ACL affects some permission issues via S3 because we do not have the Key ACL modification API in the S3 in

Ozone Native ACL default ACL behavior change

2024-11-19 Thread Sammi Chen
Dear Ozone community developers and users, During a recent use case support, we found that when creating a new key, the current ozone client will create the default ACLs for the login user and all its groups, both with "ALL" privileges. This default behavior has led to two problems, (a). secur