When you define a Knox policy in Ranger, you can specify Read/Wirte/Create/Administration permissions for a particular service exposed thourgh a REST API. See for example:
What is the precise meaneaning of these RWX permissions? They make me think to some kind of ACL, but no detailed description is provided in the documentation.
For example: if the policy specifies that a particular group do not have Write permission for a given exposed service, and the execution of the service attempts to write some HDFS file of the cluster, shall Knox make the invocation of the REST API to fail?
Many thanks in advance.
Setting RWX permissions using Ranger has the same effect as setting File System Level Security, if you will not have write permissions the File System Will not allow you to Write your request. the working would be that you fire the request, and HDFS will verify your credentials, and send beck the result Knox will provide the credentials with the request as where HDFS will use Ranger to enforce Security.