[ https://issues.apache.org/jira/browse/RANGER-698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15465769#comment-15465769
]
Abhay Kulkarni commented on RANGER-698:
---------------------------------------
[~bganesan] At present, the only "variable" supported in policy-resource-specification of
a ranger-policy is "{USER}". However, the design is generic so that a sophisticated user of
ranger can easily add and reference any other custom "variable" by
1. assigning suitable value to the variable and populating access-request-context with it
by providing a custom request-enricher, and
2. writing a policy whose policy-resource specification refers to this variable.
Of course, the user-name of any containing policy-item for such policy should be "{USER}".
Thanks!
CC [~madhan@apache.org] [~bosco] [~sneethiraj]
> Ranger policy should support variables like $user
> -------------------------------------------------
>
> Key: RANGER-698
> URL: https://issues.apache.org/jira/browse/RANGER-698
> Project: Ranger
> Issue Type: Improvement
> Affects Versions: 0.7.0
> Reporter: Don Bosco Durai
> Assignee: Abhay Kulkarni
> Fix For: 0.7.0
>
>
> It would be good to support variables in resources and users.
> E.g.
> HDFS Resource = /home/$user
> or
> Table Resource = ${user}_*
> Users allowed = $user
> Where $user will be expanded to the current user.
> I think, resource substitution will be easy. For permission, we can use key word like
we use for all users group="public". We can use key word like "USER" or something like that.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
|