ranger-dev mailing list archives

From "Abhay Kulkarni (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-698) Ranger policy should support variables like $user
Date Mon, 05 Sep 2016 20:57:20 GMT

    [ https://issues.apache.org/jira/browse/RANGER-698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15465769#comment-15465769 ]

Abhay Kulkarni commented on RANGER-698:
---------------------------------------

[~bganesan] At present, the only "variable" supported in policy-resource-specification of
a ranger-policy is "{USER}". However, the design is generic so that a sophisticated user of
ranger can easily add and reference any other custom "variable" by 
1. assigning suitable value to the variable and populating access-request-context with it
by providing a custom request-enricher, and
2. writing a policy whose policy-resource specification refers to this variable.

Of course, the user-name of any containing policy-item for such policy should be "{USER}".

Thanks!
CC [~madhan@apache.org] [~bosco] [~sneethiraj]







> Ranger policy should support variables like $user
> -------------------------------------------------
>
>                 Key: RANGER-698
>                 URL: https://issues.apache.org/jira/browse/RANGER-698
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.7.0
>            Reporter: Don Bosco Durai
>            Assignee: Abhay Kulkarni
>             Fix For: 0.7.0
>
>
> It would be good to support variables in resources and users.
> E.g.
> HDFS Resource =  /home/$user  
> or
> Table Resource = ${user}_*
> Users allowed = $user
> Where $user will be expanded to the current user. 
> I think, resource substitution will be easy. For permission, we can use key word like
> we use for all users group="public". We can use key word like "USER" or something like that.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
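
The two steps described in the comment above, as an added example that is not part of the original message and is not Ranger's code: a simplified Python model in which a request-enricher populates the request context and the policy's resource and user fields reference `{USER}` and a custom variable. The `DEPT` variable, the dictionary layout, and the `SAFE_VALUE` check (which rejects values containing wildcard or path characters so an expanded token cannot widen the match) are assumptions of this model.

```python
import fnmatch
import re

TOKEN = re.compile(r"\{([A-Z_]+)\}")                # matches "{USER}", "{DEPT}", ...
SAFE_VALUE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")  # assumption: no '/', '*', '?', '['

# Constructed sample data for the hypothetical custom variable DEPT.
DEPT_OF = {"alice": "finance"}

def enrich(request):
    """Hypothetical request-enricher: copy the request and add token values to its context."""
    context = dict(request.get("context", {}))
    context["USER"] = request["user"]
    context["DEPT"] = DEPT_OF.get(request["user"], "")
    return {**request, "context": context}

def expand(spec, context):
    """Replace every {TOKEN} in spec; return None if a value is missing or unsafe."""
    failed = False
    def substitute(match):
        nonlocal failed
        value = context.get(match.group(1), "")
        if not SAFE_VALUE.fullmatch(value):
            failed = True
            return match.group(0)
        return value
    expanded = TOKEN.sub(substitute, spec)
    return None if failed else expanded

def is_allowed(policy, request):
    """Allow only if the expanded resource matches and a policy-item user expands to the requester."""
    request = enrich(request)
    resource = expand(policy["resource"], request["context"])
    if resource is None or not fnmatch.fnmatchcase(request["resource"], resource):
        return False
    return any(expand(user, request["context"]) == request["user"]
               for user in policy["users"])

# Constructed policies: the policy-item user is "{USER}", as the comment requires.
HOME_POLICY = {"resource": "/home/{USER}/*", "users": ["{USER}"]}
DEPT_POLICY = {"resource": "/data/{DEPT}/*", "users": ["{USER}"]}
```

A request whose token value is missing or fails `SAFE_VALUE` is denied rather than matched against the unexpanded specification.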
