ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-406) Policy manager should support a way to just ask for auditability instead of access (and auditability).
Date Tue, 06 Sep 2016 16:55:21 GMT

    [ https://issues.apache.org/jira/browse/RANGER-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15467911#comment-15467911
] 

Don Bosco Durai commented on RANGER-406:
----------------------------------------

Interesting feedback. You should look in to Ranger Dynamic Policies. It helps extending the
default behavior and so provides ability to enrich the context information from different
sources (e.g. IP lookup). Your asynchronous action can be easily implemented with Dynamic
Policies. 

For others, we will have to look into case by case. E.g. in HBase, we could potentially alter
the write request, but in Hive/Spark, the data might be loaded by offline mechanism.



> Policy manager should support a way to just ask for auditability instead of access (and
auditability).
> ------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-406
>                 URL: https://issues.apache.org/jira/browse/RANGER-406
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Alok Lal
>
> For some cases like Hbase where superusers are exempt from access validation getting
a lightweight way to just check for auditability would be beneficial and performant.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message