ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2302) Clients should be able to add tag information to access requests
Date Sun, 02 Dec 2018 08:08:00 GMT
Bolke de Bruin created RANGER-2302:

             Summary: Clients should be able to add tag information to access requests
                 Key: RANGER-2302
                 URL: https://issues.apache.org/jira/browse/RANGER-2302
             Project: Ranger
          Issue Type: Bug
          Components: tagsync
    Affects Versions: 1.2.0
            Reporter: Bolke de Bruin

Ranger currently assumes that clients are tag unaware. It, for example, syncs tag information
with Atlas. This has several issues:
 # It assumes Ranger is the single source of truth connecting resource and tag information
 # As the tagsync is not happening realtime (either due to Kafka delay or due to caching)
security issues can pop up. E.g. copy a file with PII info to different location has a time
window that Ranger is unaware of the tag.

If the client is tag aware it could supply the tags that it knows of as part of the request.
This ensures immediate availability and propagation of tags.

A backward compatible implementation could be to use {color:#9876aa}KEY_USER_TAGS {color}with
a delimiter as part of the RangerAccessResource request and have RangerTagEnricher pick up
these tags

This message was sent by Atlassian JIRA

View raw message