ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (RANGER-698) Ranger policy should support variables like $user
Date Fri, 02 Sep 2016 23:05:20 GMT

    [ https://issues.apache.org/jira/browse/RANGER-698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15457075#comment-15457075
] 

Madhan Neethiraj edited comment on RANGER-698 at 9/2/16 11:05 PM:
------------------------------------------------------------------

Committed to master:
 - http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c659d9aa
 - http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2118a716

Thanks [~kulkabhay]. This is an awesome feature! This enables a single policy to define access
for user-specific resources for all users in the system - like:

Hive policy:
{noformat}
  resource: database=db_{USER}; table=*; column=*
  user: {USER} or group: public
  permissions: all, delegatedAdmin=true
{noformat}

This will allow all access for
 - user 'user1' on database 'db_user1'
 - user 'user2' on database 'db_user2'
 - and so on..

[~abhayk] - please add more usecases and details to this JIRA.

CC: [~bosco], [~sneethiraj], [~bganesan]


was (Author: madhan.neethiraj):
Committed to master: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c659d9aa.

Thanks [~kulkabhay]. This is an awesome feature! This enables a single policy to define access
for user-specific resources for all users in the system - like:

Hive policy:
{noformat}
  resource: database=db_{USER}; table=*; column=*
  user: {USER} or group: public
  permissions: all, delegatedAdmin=true
{noformat}

This will allow all access for
 - user 'user1' on database 'db_user1'
 - user 'user2' on database 'db_user2'
 - and so on..

[~abhayk] - please add more usecases and details to this JIRA.

CC: [~bosco], [~sneethiraj], [~bganesan]

> Ranger policy should support variables like $user
> -------------------------------------------------
>
>                 Key: RANGER-698
>                 URL: https://issues.apache.org/jira/browse/RANGER-698
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.7.0
>            Reporter: Don Bosco Durai
>            Assignee: Abhay Kulkarni
>             Fix For: 0.7.0
>
>
> It would be good to support variables in resources and users.
> E.g.
> HDFS Resource =  /home/$user  
> or
> Table Resource = ${user}_*
> Users allowed = $user
> Where $user will be expanded to the current user. 
> I think, resource substitution will be easy. For permission, we can use key word like
we use for all users group="public". We can use key word like "USER" or something like that.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message