ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (Jira)" <j...@apache.org>
Subject [jira] [Created] (RANGER-3082) User with delegated-admin is unable to create policy
Date Thu, 19 Nov 2020 04:16:00 GMT
Madhan Neethiraj created RANGER-3082:
----------------------------------------

             Summary: User with delegated-admin is unable to create policy
                 Key: RANGER-3082
                 URL: https://issues.apache.org/jira/browse/RANGER-3082
             Project: Ranger
          Issue Type: Bug
          Components: plugins
            Reporter: Madhan Neethiraj


Ranger policy model supports delegated-admin model which enables an administrator to allow
non-admin users to setup policies for a subset of resources. For example, following policy
would allow users in finance_admin group to setup policies for all tables and columns in database=finance.

{noformat}
resource:        database=finance; table=*; column=*
group:           finance_admin
delegated-admin: true
{noformat}

However, when macros like {{\{USER\}}} are used in resource names, users with delegated-admin
are unable to setup policies. For example, following policy should allow user {{scott}} to
setup policies for tables in a database named {{test_scott}}, but it doesn't.

{noformat}
resource:        database=test_{USER}; table=*; column=*
user:            {USER}
delegated-admin: true
{noformat}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message