atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Radley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ATLAS-1821) Classification propagation from entity to a derivative or child entity
Date Thu, 25 May 2017 09:39:04 GMT

    [ https://issues.apache.org/jira/browse/ATLAS-1821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16024460#comment-16024460
] 

David Radley commented on ATLAS-1821:
-------------------------------------

I think having the classifications propagate is powerful. I am concerned that we need to restrict
which classifications propagate across which relationships. If we want to pursue a declarative
approach to this, I would like to understand the process by which conflicts are resolved and
by who and how we know that these conflict resolutions meet with the companies governance
policies. 

We have a use case where the glossary is set up with a Glossary Term National Insurance number,
which is tagged as confidential. It is mapped to a masked column and an unmasked column. The
masked column can be public, but the unmasked column need to get the Terms security classification.
This would not be a conflict. 

I suggest a rules based approach be used instead. In this case a governance team could define
a set of rules around how classifications flow , including special cases. Maybe something
like :

for all Glossary terms that have assigned assets, flow the terms confidentiality level classification
to the assigned asset, except in the case where if the assigned asset is masked -  then classify
it as public 

We are then in a position to author rules that encapsulate best governance practices and play
a part to enforce governance standards.   






> Classification propagation from entity to a derivative or child entity
> ----------------------------------------------------------------------
>
>                 Key: ATLAS-1821
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1821
>             Project: Atlas
>          Issue Type: Improvement
>          Components:  atlas-core, atlas-webui
>            Reporter: Srikanth Venkat
>             Fix For: 0.9-incubating
>
>
> User Story:
> As a data steward, I need a scalable way to quickly and efficiently propagate classification
across the information supply chain to support efficient searches and classification based
security for compliance and audit purposes. 
> This requires:
> 1. Classifications for derivative entities should be inherited from the originator and
to child entities from parent. 
> For example, if a Hive column is classified "Confidential" then resulting column created
from a CTAS operation should also be tagged "Confidential" to maintain the classification
of the original entity. In the case where 2 or more entities are composed, the derivative
entity should have the union of all classifications of each source entity.
> 2. Business Terms:
> a. Child business terms should inherit the classifications associated with the parent
term.
> b. The option to propagate classification to child business terms in a hierarchy should
be provided
> c. Ability to update the propagated tags manually via UI or through the API
> d. Tagging a term should propagate to data assets that are already attached to that business
term as well
> 3. Data assets
> a. For all supported data asset types in Atlas, if a derivative asset is created it should
inherit the tags and attributes from the original asset.
> b. the option to propagate tags to child entities should be provided (e.g. if you tag
a folder in HDFS optionally tag all the files within it)
> c. Ability to update the propagated tags manually via UI or through the API
> d. Tagging a parent object should be inherited after child creation dynamically (unless
a flag is set not to do this)
> e. Derived data assets should have the tags of the original data asset.
> Conflict resolution - if there are different values for attributes on tags (classifications)
on upstream or parent entities used to derive a data asset then user needs to be prompted
for action to resolve the conflict. Once resolved, the resolved value should be carried forth
to derived assets.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message