ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhay Kulkarni (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (RANGER-2232) Security Zones feature in Apache Ranger
Date Sun, 11 Nov 2018 19:03:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Abhay Kulkarni reassigned RANGER-2232:

    Assignee: Abhay Kulkarni  (was: Madhan Neethiraj)

> Security Zones feature in Apache Ranger
> ---------------------------------------
>                 Key: RANGER-2232
>                 URL: https://issues.apache.org/jira/browse/RANGER-2232
>             Project: Ranger
>          Issue Type: New Feature
>          Components: admin
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>            Priority: Major
>         Attachments: Apache Ranger - Security Zones.pdf
> This is to introduce a new abstraction in Apache Ranger that would allow carving/bucketing
of resources in a service into multiple zones, for better administration of security policies.
This would enable multiple administrators to setup security policies for a service – based
on the zones to which they have been granted administration rights. 
> For example, let us consider 2 security zones ‘finance’ and ‘sales’:
>  - Security zone ‘finance’ includes all contents in Hive database named ‘finance’ 
>  - Security zone ‘sales’ includes all contents in ‘sales’ database 
>  - Set of users and groups are designated as administrators each zone 
>  - Users are allowed to setup policies only in zones in which they are administrators 
>  - Policies defined in a zone are applicable only for resources of the zone
>  - A zone can be extended to include resource from multiple services like HDFS, Hive,
HBase, Kafka, .., allowing administrators of a zone to setup policies for resources owned
by their organization across multiple services.
>  - Audit logs will include name of the zone in which the accessed resource resides.
Only users having appropriate permissions on the security zone can view its audit logs.
> Attached document has more details on various aspects of Security Zones.

This message was sent by Atlassian JIRA

View raw message