ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2232) Security Zones feature in Apache Ranger
Date Sun, 23 Sep 2018 08:00:00 GMT
Madhan Neethiraj created RANGER-2232:
----------------------------------------

             Summary: Security Zones feature in Apache Ranger
                 Key: RANGER-2232
                 URL: https://issues.apache.org/jira/browse/RANGER-2232
             Project: Ranger
          Issue Type: New Feature
          Components: admin
            Reporter: Madhan Neethiraj


This is to introduce a new abstraction in Apache Ranger that would allow carving/bucketing
of resources in a service into multiple zones, for better administration of security policies.
This would enable multiple administrators to setup security policies for a service – based
on the zones to which they have been granted administration rights. 

For example, let us consider 2 security zones ‘finance’ and ‘sales’:
 - Security zone ‘finance’ includes all contents in Hive database named ‘finance’ 
 - Security zone ‘sales’ includes all contents in ‘sales’ database 
 - Set of users and groups are designated as administrators each zone 
 - Users are allowed to setup policies only in zones in which they are administrators 
 - Policies defined in a zone are applicable only for resources of the zone
 - A zone can be extended to include resource from multiple services like HDFS, Hive, HBase,
Kafka, .., allowing administrators of a zone to setup policies for resources owned by their
organization across multiple services.
 - Audit logs will include name of the zone in which the accessed resource resides. Only
users having appropriate permissions on the security zone can view its audit logs.

Attached document has more details on various aspects of Security Zones.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message