ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-1999) Policy evaluation to support multiple values for accessed resource
Date Thu, 01 Mar 2018 04:32:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-1999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Madhan Neethiraj updated RANGER-1999:
    Attachment: RANGER-1999.patch

> Policy evaluation to support multiple values for accessed resource
> ------------------------------------------------------------------
>                 Key: RANGER-1999
>                 URL: https://issues.apache.org/jira/browse/RANGER-1999
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>         Attachments: RANGER-1999.patch
> While evaluating access requests, Ranger policy engine picks policies based on the resource
value specified in the access request. Currently access-resource abstraction only supports
a single value for each resource-type - like database/table/column. Authorization of access
to some resources might require the policy engine to pick policies based on multiple values
for a resource.
> For example, consider access authorization for an entity in Apache Atlas. An entity
has a specific-type and a number of super-types - example: type=database super-types=[dataset,
asset]. While authorizing access to a database entity, policies specified for its super-types,
dataset and asset, should also be evaluated.
> To enable such usecases, Ranger policy evaluation needs to be enhanced to support a list
of value for a resource. Policies that match for any of the given values should be evaluated
to determine the access result. Note that this enhancement doesn't require any updates to
the policy model; the changes are needed only in the policy-engine.

This message was sent by Atlassian JIRA

View raw message