sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Liam Sargent (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (SENTRY-2189) Static Attribute Ingestion
Date Thu, 05 Apr 2018 21:24:00 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16427627#comment-16427627
] 

Liam Sargent edited comment on SENTRY-2189 at 4/5/18 9:23 PM:
--------------------------------------------------------------

ABAC static attribute ingestion. Code is not touched by any other module currently, and lives
inside sentry-abac.

 

SENTRY-2189.001


was (Author: liamsargent):
ABAC static attribute ingestion. Code is not touched by any other module currently, and lives
inside sentry-abac.

> Static Attribute Ingestion
> --------------------------
>
>                 Key: SENTRY-2189
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2189
>             Project: Sentry
>          Issue Type: New Feature
>    Affects Versions: 2.1.0
>            Reporter: Liam Sargent
>            Assignee: Liam Sargent
>            Priority: Major
>              Labels: ABAC
>         Attachments: SENTRY-2189.001.patch
>
>
> Static (file-based) attribute provider for Sentry ABAC.
> Attributes are string "tags" used to define a feature of the data which may require additional
access control steps for security and compliance.
> Since Sentry already provides role-based access control, we must be able to define actions
to take on data objects based on attribute/role combinations.
> This relationship can be modeled and effectively leveraged at query time with a specialized
bidirectional map object providing low latency lookup between Attribute and Object, and vice
versa.
> Attribute->Object definitions will be provided as a JSON object, or as JSON delta
updates to existing definitions. This implementation will parse the definitions into the specialized
Java object to provide near-O(1) lookup from Attribute-> Object, and from Object ->
Attribute associations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message