ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (RANGER-2232) Security Zones feature in Apache Ranger
Date Sun, 23 Sep 2018 08:01:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Madhan Neethiraj reassigned RANGER-2232:
----------------------------------------

    Assignee: Madhan Neethiraj

> Security Zones feature in Apache Ranger
> ---------------------------------------
>
>                 Key: RANGER-2232
>                 URL: https://issues.apache.org/jira/browse/RANGER-2232
>             Project: Ranger
>          Issue Type: New Feature
>          Components: admin
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>         Attachments: Apache Ranger - Security Zones.pdf
>
>
> This is to introduce a new abstraction in Apache Ranger that would allow carving/bucketing
of resources in a service into multiple zones, for better administration of security policies.
This would enable multiple administrators to setup security policies for a service – based
on the zones to which they have been granted administration rights. 
> For example, let us consider 2 security zones ‘finance’ and ‘sales’:
>  - Security zone ‘finance’ includes all contents in Hive database named ‘finance’ 
>  - Security zone ‘sales’ includes all contents in ‘sales’ database 
>  - Set of users and groups are designated as administrators each zone 
>  - Users are allowed to setup policies only in zones in which they are administrators 
>  - Policies defined in a zone are applicable only for resources of the zone
>  - A zone can be extended to include resource from multiple services like HDFS, Hive,
HBase, Kafka, .., allowing administrators of a zone to setup policies for resources owned
by their organization across multiple services.
>  - Audit logs will include name of the zone in which the accessed resource resides.
Only users having appropriate permissions on the security zone can view its audit logs.
> Attached document has more details on various aspects of Security Zones.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message