ranger-dev mailing list archives

From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (RANGER-698) Ranger policy should support variables like $user
Date Wed, 10 Aug 2016 17:52:21 GMT

    [ https://issues.apache.org/jira/browse/RANGER-698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15415663#comment-15415663 ]

Madhan Neethiraj edited comment on RANGER-698 at 8/10/16 5:52 PM:
------------------------------------------------------------------

Support for variables in Ranger policy resource values can make it easy to manage policies;
in many cases it can help use a single policy to manage access permissions for a large number
of resources. For example, the following policies can be used to set permissions for all home
directories/user-specific databases:
{code}
HDFS: path=/home/{user}/*; user={user}; permission=read,write,execute
Hive: database={user}_db; table=*; column=*; user={user}; permission=all
{code}




was (Author: madhan.neethiraj):
Support for variables in Ranger policy resource values can make it easy to manage policies;
in many cases it can help use a single policy to manage access permissions for multiple resources.
For example, the following policy can be used to set permissions for all home directories:
{code}
path="/home/{user}/"; user="{user}"; permission=read,write,execute
{code}



> Ranger policy should support variables like $user
> -------------------------------------------------
>
>                 Key: RANGER-698
>                 URL: https://issues.apache.org/jira/browse/RANGER-698
>             Project: Ranger
>          Issue Type: Improvement
>            Reporter: Don Bosco Durai
>             Fix For: 0.7.0
>
>
> It would be good to support variables in resources and users.
> E.g.
> HDFS Resource =  /home/$user  
> or
> Table Resource = ${user}_*
> Users allowed = $user
> Where $user will be expanded to the current user. 
> I think, resource substitution will be easy. For permission, we can use key word like we use
> for all users group="public". We can use key word like "USER" or something like that.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
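
An illustrative model of how the {user} policies in the comment above could be evaluated, added here as an example; it is not Ranger's code. The policy dictionaries, `expand`, `is_allowed` and the user-name character rule are assumptions made for this sketch, and the Hive policy is reduced to its database field.

```python
import fnmatch
import posixpath
import re

# Constructed policies modelled on the two policy lines in the comment.
POLICIES = [
    {"service": "hdfs", "resource": "/home/{user}/*", "user": "{user}",
     "permissions": {"read", "write", "execute"}},
    {"service": "hive", "resource": "{user}_db", "user": "{user}",
     "permissions": {"all"}},
]

# Assumed rule: a name is substituted only if it cannot carry '/', a leading
# '.', or glob metacharacters ('*', '?', '[') into the expanded pattern.
SAFE_USER = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def expand(template, user):
    """Replace {user} in a policy value with the requesting user's name."""
    if not SAFE_USER.fullmatch(user):
        raise ValueError(f"user name not safe to substitute: {user!r}")
    return template.replace("{user}", user)


def is_allowed(service, resource, user, permission):
    """Return True if some policy grants `permission` on `resource` to `user`."""
    if service == "hdfs":
        # Collapse '..' segments first so /home/alice/../bob is judged as /home/bob.
        resource = posixpath.normpath(resource)
    for policy in POLICIES:
        if policy["service"] != service:
            continue
        try:
            pattern = expand(policy["resource"], user)
            allowed_user = expand(policy["user"], user)
        except ValueError:
            return False  # unsafe name: deny instead of matching a widened pattern
        granted = policy["permissions"]
        if (allowed_user == user
                and fnmatch.fnmatchcase(resource, pattern)
                and ("all" in granted or permission in granted)):
            return True
    return False
```

The two points a single templated policy depends on are visible here: the resource is normalized before matching, and the substituted name is constrained so that expansion can only narrow the pattern to one user.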
