ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1855) Importing and translating policies from Apache Sentry
Date Wed, 25 Oct 2017 10:16:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16218361#comment-16218361

Colm O hEigeartaigh commented on RANGER-1855:

I could imagine a service like the tagsync service for Atlas in Ranger, that would query the
Sentry DB periodically and obtain the policies, and then translate them into Ranger policies
and upload to the Ranger Admin. Sentry maps users to groups, and then groups to roles, where
roles contain the relevant permission Strings. It should be possible to map this to Ranger,
although it'll take a little work.

> Importing and translating policies from Apache Sentry 
> ------------------------------------------------------
>                 Key: RANGER-1855
>                 URL: https://issues.apache.org/jira/browse/RANGER-1855
>             Project: Ranger
>          Issue Type: New Feature
>          Components: Ranger
>            Reporter: Srikanth Venkat
>            Priority: Critical
> As an enterprise security admin, I would like to be able to translate or bulk import
RBAC based access control polices from Apache Sentry so that I can enhance my access control
and authorization entitlements as ABAC based policies within Ranger with dynamic policy conditions.
> Implementation considerations:
> # Given an Apache Sentry policy repository be able to translate authz policies from either
Sentry policy store DB or using the policy export tool https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61309948
> # If Sentry has REST APIs to support exporting from its policy store, perhaps some of
our community members can comment on whether there is a better way to provide the policy translation
and import into Ranger policy store.

This message was sent by Atlassian JIRA

View raw message