ranger-dev mailing list archives

From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1486) New usersync alternative for Atlas (vdc)
Date Fri, 01 Sep 2017 16:38:03 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16150804#comment-16150804 ]

Don Bosco Durai commented on RANGER-1486:

Assuming the groups coming from Atlas will be a subset from LDAP, I am okay. If not, we have
to ensure that Hadoop is aware of the additional groups, else it will be misleading to the
admin setting up the policies.

> New usersync alternative for Atlas (vdc)
> ----------------------------------------
>                 Key: RANGER-1486
>                 URL: https://issues.apache.org/jira/browse/RANGER-1486
>             Project: Ranger
>          Issue Type: New Feature
>          Components: usersync
>            Reporter: Nigel Jones
>            Assignee: Nigel Jones
>              Labels: VirtualDataConnector
> As part of the Atlas Virtualization Data Connector work we are using this within a large
> enterprise with a lot of users & groups stored in ldap.
> The connector -- which has a ranger plugin to apply access control policies -- is used
> by a relatively small subset of these users. However that can't easily be transcribed to an
> optimal ldap query.
> Since Atlas will have the definitive list of roles that are being used, this new usersync
> will instead retrieve a list of roles from Atlas, and will then use this list to retrieve
> only those users found in this list of roles from LDAP.
> This is an alternative usersync so shouldn't conflict and will use the same ranger APIs

This message was sent by Atlassian JIRA
