ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mert Hocanin (Jira)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-2774) Enhance RangerBasePlugin to be able to retrieve all policies for a user, and list of groups.
Date Tue, 07 Apr 2020 17:08:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077422#comment-17077422

Mert Hocanin commented on RANGER-2774:

My previous commit was written a while ago and the API's in RangerPolicyEngine was changed
and the code no longer is applicable so I removed it. I have re-worked the code but would
love to get some feedback on it before I go ahead and productionalize it. I have reviewed
some of the Ranger Code base and looked for API's that do similar things but I was not able
to find one. I will put it up on review board for the purposes of eliciting feedback. Essentially,
the code is iterating through all the RangerPolicy's and obtaining all policies that match
a user or group, and then asking the policy engine to validate if the particular user/group/resource
is allowed, given the tag, deny, etc policies. I believe this achieves what we are looking

> Enhance RangerBasePlugin to be able to retrieve all policies for a user, and list of
> --------------------------------------------------------------------------------------------
>                 Key: RANGER-2774
>                 URL: https://issues.apache.org/jira/browse/RANGER-2774
>             Project: Ranger
>          Issue Type: New Feature
>          Components: Ranger
>            Reporter: Mert Hocanin
>            Assignee: Mert Hocanin
>            Priority: Minor
> Currently, the RangerBasePlugin has API's that given a RangerAccessRequest, it will return
a RangerAccessResult which returns basically whether the access is grantable or not. However,
there are certain use cases where a developer may want to pull all policies that a user and
list of groups may have access to. One use case that we had in mind was to translate a policy
from a calling user to another policy management system. 

This message was sent by Atlassian Jira

View raw message