Author: madhan
Date: Sat Apr 29 23:28:12 2023
New Revision: 1909491
URL: http://svn.apache.org/viewvc?rev=1909491&view=rev
Log:
RANGER-4209: blog: adventures in abac - part-1
Added:
ranger/site/trunk/blogs/
ranger/site/trunk/blogs.html
ranger/site/trunk/blogs/adventures_in_abac_1.files/
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig01-policy_ussales_rib.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig02-policy_globalsales_highly_sensitive.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig03-policy_globalsales_sensitive.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig04-policy_globalsales_non_sensitive.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig05-policy_globalsales_row_filter_sales_region.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig06-roles_capturing_sl_sr.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig07-policy_ussales_tag_attribute_based.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig08-policy_tag_based_sl.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig09-policy_globalsales_row_filter_sr_roles.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig10-roles_capturing_sl_sr_sp.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig11-policy_globalsalespartners_row_filter_sr_sp.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsales.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsalespartners.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.files/table_ussales.jpg
(with props)
ranger/site/trunk/blogs/adventures_in_abac_1.html
ranger/site/trunk/index.js
ranger/site/trunk/swagger-ui-bundle.js
ranger/site/trunk/swagger-ui-es-bundle-core.js
ranger/site/trunk/swagger-ui-es-bundle.js
ranger/site/trunk/swagger-ui-standalone-preset.js
ranger/site/trunk/swagger-ui.css
ranger/site/trunk/swagger-ui.js
ranger/site/trunk/swagger.html
Modified:
ranger/site/trunk/download.html
ranger/site/trunk/faq.html
ranger/site/trunk/index.html
ranger/site/trunk/issue-tracking.html
ranger/site/trunk/license.html
ranger/site/trunk/mail-lists.html
ranger/site/trunk/project-info.html
ranger/site/trunk/project-summary.html
ranger/site/trunk/quick_start_guide.html
ranger/site/trunk/team-list.html
Added: ranger/site/trunk/blogs.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs.html?rev=1909491&view=auto
==============================================================================
--- ranger/site/trunk/blogs.html (added)
+++ ranger/site/trunk/blogs.html Sat Apr 29 23:28:12 2023
@@ -0,0 +1,136 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
+ | Rendered using Apache Maven Fluido Skin 1.6
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
+ <head>
+ <meta charset="UTF-8" />
+ <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+ <meta http-equiv="Content-Language" content="en" />
+ <title>Apache Ranger – </title>
+ <link rel="stylesheet" href="./css/apache-maven-fluido-1.6.min.css" />
+ <link rel="stylesheet" href="./css/site.css" />
+ <link rel="stylesheet" href="./css/print.css" media="print" />
+ <script type="text/javascript"
src="./js/apache-maven-fluido-1.6.min.js"></script>
+ </head>
+ <body class="topBarDisabled">
+ <div class="container-fluid">
+ <div id="banner">
+ <div class="pull-left"><a href="https://ranger.apache.org";
id="bannerLeft"><img src="ranger.jpg" alt="Apache Ranger" width="400px"
height="200px"/></a></div>
+ <div class="pull-right"></div>
+ <div class="clear"><hr/></div>
+ </div>
+
+ <div id="breadcrumbs">
+ <ul class="breadcrumb">
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
+</li>
+ <li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
+ <li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
+ <li class="active "></li>
+ </ul>
+ </div>
+ <div class="row-fluid">
+ <div id="leftColumn" class="span2">
+ <div class="well sidebar-nav">
+<ul class="nav nav-list">
+ <li class="nav-header">Overview</li>
+ <li><a href="index.html" title="Introduction"><span
class="none"></span>Introduction</a> </li>
+ <li><a href="https://cwiki.apache.org/confluence/display/RANGER/News";
class="externalLink" title="News"><span class="none"></span>News</a> </li>
+ <li><a href="download.html" title="Download"><span
class="none"></span>Download</a> </li>
+ <li><a href="faq.html" title="FAQ"><span class="none"></span>FAQ</a> </li>
+ <li class="nav-header">Resources</li>
+ <li><a href="https://cwiki.apache.org/confluence/display/RANGER/Index";
class="externalLink" title="Wiki"><span class="none"></span>Wiki</a> </li>
+ <li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
+ <li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
+ <li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li class="active"><a href="#"><span class="none"></span>Blogs</a>
+ </li>
+ <li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
+ <li class="nav-header">Project Information</li>
+ <li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
+ <li><a href="mail-lists.html" title="Mailing Lists"><span
class="none"></span>Mailing Lists</a> </li>
+ <li><a href="https://issues.apache.org/jira/browse/RANGER";
class="externalLink" title="Issue Tracking"><span class="none"></span>Issue
Tracking</a> </li>
+ <li><a href="team-list.html" title="Team"><span
class="none"></span>Team</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger";
class="externalLink" title="Security Advisories"><span
class="none"></span>Security Advisories</a> </li>
+ <li class="nav-header">Releases</li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.4.0+-+Release+Notes";
class="externalLink" title="2.4.0"><span class="none"></span>2.4.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.3.0+-+Release+Notes";
class="externalLink" title="2.3.0"><span class="none"></span>2.3.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.2.0+-+Release+Notes";
class="externalLink" title="2.2.0"><span class="none"></span>2.2.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.1.0+-+Release+Notes";
class="externalLink" title="2.1.0"><span class="none"></span>2.1.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.0.0+-+Release+Notes";
class="externalLink" title="2.0.0"><span class="none"></span>2.0.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+1.2.0+-+Release+Notes";
class="externalLink" title="1.2.0"><span class="none"></span>1.2.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+1.1.0+-+Release+Notes";
class="externalLink" title="1.1.0"><span class="none"></span>1.1.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/1.0.0+Release+-+Apache+Ranger";
class="externalLink" title="1.0.0"><span class="none"></span>1.0.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.7.1+Release+-+Apache+Ranger";
class="externalLink" title="0.7.1"><span class="none"></span>0.7.1</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.7.0+Release+-+Apache+Ranger";
class="externalLink" title="0.7.0"><span class="none"></span>0.7.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.6.3+Release+-+Apache+Ranger";
class="externalLink" title="0.6.3"><span class="none"></span>0.6.3</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.6.2+Release+-+Apache+Ranger";
class="externalLink" title="0.6.2"><span class="none"></span>0.6.2</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.6.1+Release+-+Apache+Ranger";
class="externalLink" title="0.6.1"><span class="none"></span>0.6.1</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.6+Release+-+Apache+Ranger";
class="externalLink" title="0.6.0"><span class="none"></span>0.6.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.5.3+Release+-+Apache+Ranger";
class="externalLink" title="0.5.3"><span class="none"></span>0.5.3</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.5.2+Release+-+Apache+Ranger";
class="externalLink" title="0.5.2"><span class="none"></span>0.5.2</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.5.1+Release+-+Apache+Ranger";
class="externalLink" title="0.5.1"><span class="none"></span>0.5.1</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.5+Release+-+Apache+Ranger";
class="externalLink" title="0.5.0"><span class="none"></span>0.5.0</a> </li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/RANGER/0.4+Release";
class="externalLink" title="0.4.0"><span class="none"></span>0.4.0</a> </li>
+ <li class="nav-header">Apache</li>
+ <li><a href="https://www.apache.org"; class="externalLink"
title="Home"><span class="none"></span>Home</a> </li>
+ <li><a href="https://www.apache.org/events/current-event";
class="externalLink" title="Events"><span class="none"></span>Events</a> </li>
+ <li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
+ <li><a href="https://www.apache.org/foundation/sponsorship";
class="externalLink" title="Sponsorship"><span
class="none"></span>Sponsorship</a> </li>
+ <li><a href="https://www.apache.org/security"; class="externalLink"
title="Security"><span class="none"></span>Security</a> </li>
+ <li><a href="https://www.apache.org/foundation/thanks";
class="externalLink" title="Thanks"><span class="none"></span>Thanks</a> </li>
+ <li><a href="https://www.apache.org/foundation/policies/conduct";
class="externalLink" title="Code of Conduct"><span class="none"></span>Code of
Conduct</a> </li>
+ </ul>
+ <hr />
+ <div id="poweredBy">
+ <div class="clear"></div>
+ <iframe
src="https://www.facebook.com/plugins/like.php?href=http://ranger.apache.org/&send=false&layout=box_count&show-faces=false&action=like&colorscheme=light";
+ scrolling="no" frameborder="0"
+ style="border:none; width:48px; height:63px; margin-top: 10px;"
></iframe>
+ <div class="clear"></div>
+ <div class="clear"></div>
+ <div class="clear"></div>
+ <a href="http://maven.apache.org/"; title="Maven" class="builtBy"><img
class="builtBy" alt="Maven"
src="https://maven.apache.org/images/logos/maven-feather.png"; /></a>
+ </div>
+ </div>
+ </div>
+ <div id="bodyColumn" class="span10" >
+
+
+<section>
+<h2><a name="Apache_Ranger.E2.84.A2_blogs"></a>Apache Ranger™ blogs</h2>
+
+<ul>
+
+<li>
+
+<p>
+<a href="blogs/adventures_in_abac_1.html" target="_blank">Adventures in
attribute-based access control (ABAC) - part 1</a>
+</p>
+ Explores choices for setting up access control based on sensitivity level
and content of the data, and attributes of the user.<br />
+
+<div style="font-size: 90%;color: #999;">
+ Posted on Apr 29, 2023 by Barbara Eckman, Comcast
+ </div>
+</li>
+</ul>
+</section>
+
+
+ </div>
+ </div>
+ </div>
+ <hr/>
+ <footer>
+ <div class="container-fluid">
+ <div class="row-fluid">
+<p><a href="https://www.apache.org/foundation/contributing";><img
src="https://www.apache.org/images/SupportApache-small.png"; alt="Support the
ASF" id="asf-logo" height="20" width="20" /></a>Copyright © 2011-2018 The
Apache Software Foundation. Licensed under the <a
href="https://www.apache.org/licenses/";>Apache License, Version 2.0</a>.<br/>
+Apache Ranger, Ranger, Apache, the Apache feather logo are trademarks of the
<a href="https://www.apache.org";>Apache Software Foundation</a>.<br/>
+All other marks mentioned may be trademarks or registered trademarks of their
respective owners.</p>
+ </div>
+ </div>
+ </footer>
+ </body>
+</html>
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig01-policy_ussales_rib.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig01-policy_ussales_rib.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig01-policy_ussales_rib.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig02-policy_globalsales_highly_sensitive.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig02-policy_globalsales_highly_sensitive.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig02-policy_globalsales_highly_sensitive.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig03-policy_globalsales_sensitive.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig03-policy_globalsales_sensitive.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig03-policy_globalsales_sensitive.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig04-policy_globalsales_non_sensitive.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig04-policy_globalsales_non_sensitive.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig04-policy_globalsales_non_sensitive.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig05-policy_globalsales_row_filter_sales_region.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig05-policy_globalsales_row_filter_sales_region.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig05-policy_globalsales_row_filter_sales_region.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig06-roles_capturing_sl_sr.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig06-roles_capturing_sl_sr.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig06-roles_capturing_sl_sr.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig07-policy_ussales_tag_attribute_based.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig07-policy_ussales_tag_attribute_based.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig07-policy_ussales_tag_attribute_based.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig08-policy_tag_based_sl.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig08-policy_tag_based_sl.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig08-policy_tag_based_sl.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig09-policy_globalsales_row_filter_sr_roles.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig09-policy_globalsales_row_filter_sr_roles.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig09-policy_globalsales_row_filter_sr_roles.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig10-roles_capturing_sl_sr_sp.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig10-roles_capturing_sl_sr_sp.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig10-roles_capturing_sl_sr_sp.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig11-policy_globalsalespartners_row_filter_sr_sp.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/fig11-policy_globalsalespartners_row_filter_sr_sp.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/fig11-policy_globalsalespartners_row_filter_sr_sp.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsales.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsales.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsales.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsalespartners.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsalespartners.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
ranger/site/trunk/blogs/adventures_in_abac_1.files/table_globalsalespartners.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: ranger/site/trunk/blogs/adventures_in_abac_1.files/table_ussales.jpg
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.files/table_ussales.jpg?rev=1909491&view=auto
==============================================================================
Binary file - no diff available.
Propchange: ranger/site/trunk/blogs/adventures_in_abac_1.files/table_ussales.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: ranger/site/trunk/blogs/adventures_in_abac_1.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/blogs/adventures_in_abac_1.html?rev=1909491&view=auto
==============================================================================
--- ranger/site/trunk/blogs/adventures_in_abac_1.html (added)
+++ ranger/site/trunk/blogs/adventures_in_abac_1.html Sat Apr 29 23:28:12 2023
@@ -0,0 +1,437 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE html>
+<html lang="en">
+
+ <head>
+ <meta http-equiv=Content-Type content="text/html; charset=utf-8">
+ <title>Adventures in ABAC - Part 1</title>
+ <style>
+ <!--
+ /* Font Definitions */
+ @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0;}
+ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;}
+ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;}
+ @font-face {font-family:"Calibri Light"; panose-1:2 15 3 2 2 2 4 3 2 4;}
+
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+ {margin:0in; font-size:12.0pt; font-family:"Calibri",sans-serif;}
+ h1
+ {mso-style-link:"Heading 1 Char"; margin-top:12.0pt;
margin-right:0in; margin-bottom:0in; margin-left:0in; page-break-after:avoid;
font-size:16.0pt; font-family:"Calibri Light",sans-serif; color:#2F5496;
font-weight:normal;}
+
+ p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
+ {mso-style-link:"Footnote Text Char"; margin:0in;
font-size:10.0pt; font-family:"Calibri",sans-serif;}
+
+ p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
+ {margin-top:0in; margin-right:0in; margin-bottom:0in;
margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;}
+ p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst,
div.MsoListParagraphCxSpFirst
+ {margin-top:0in; margin-right:0in; margin-bottom:0in;
margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;}
+ p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle,
div.MsoListParagraphCxSpMiddle
+ {margin-top:0in; margin-right:0in; margin-bottom:0in;
margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;}
+ p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast,
div.MsoListParagraphCxSpLast
+ {margin-top:0in; margin-right:0in; margin-bottom:0in;
margin-left:.5in; font-size:12.0pt; font-family:"Calibri",sans-serif;}
+ span.Heading1Char
+ {mso-style-name:"Heading 1 Char"; mso-style-link:"Heading 1";
font-family:"Calibri Light",sans-serif; color:#2F5496;}
+ span.FootnoteTextChar
+ {mso-style-name:"Footnote Text Char"; mso-style-link:"Footnote
Text";}
+ .MsoChpDefault
+ {font-family:"Calibri",sans-serif;}
+
+ /* Page Definitions */
+ @page WordSection1
+ {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;}
+ div.WordSection1
+ {page:WordSection1;}
+
+
+ /* List Definitions */
+ ol
+ {margin-bottom:0in;}
+ ul
+ {margin-bottom:0in;}
+ -->
+ </style>
+ </head>
+
+ <body lang=EN-US
style='width:800px;word-wrap:break-word;align:center;margin:auto;border:ridge' >
+ <div style="margin-left:10pt;margin-right:10pt">
+ <h1 style="text-align:center">Adventures in attribute-based access
control (ABAC) - Part 1</h1>
+ <p class=MsoNormal style='font:5.0pt "Times New Roman"'> </p>
+ <div style="text-align:center">
+ <p class=MsoNormal>Barbara Eckman, Ph.D., Distinguished Architect,
Comcast</p>
+ <p class=MsoNormal>Apr 29, 2023</p>
+ </div>
+ <p class=MsoNormal> </p>
+
+ <div class=WordSection>
+ <h1>Introduction</h1>
+
+ <p class=MsoNormal>
+ Simply put, data access control enforces constraints on who is
permitted to access the data. An access control policy
+ specifies 1) which data may be accessed by 2) which users and
optionally 3) for how long
+ <a href="#_ftn1" name="_ftnref1" title=""><span
style='font-size:12.0pt;font-family:"Calibri",sans-serif'>[1]</span></a>.
+ </p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Data can be specified in access control policies in
multiple ways:</p>
+
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>1.<span
style='font:7.0pt "Times New
Roman"'> </span>Resource-based access control: data is
specified by its logical identifier e.g., table name, column name, Kafka topic
name, AWS S3 bucket name.</p>
+
+ <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'>2.<span
style='font:7.0pt "Times New Roman"'> </span>Tag-based
access control (TBAC): data is specified by one or more of its properties,
represented by a tag on its metadata, e.g., a Sales Region or Sensitivity
Level.</p>
+
+ <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'>3.<span
style='font:7.0pt "Times New Roman"'> </span>Row access
control: specifies rows/records that are visible to the user at run time by
setting up filters based on the value of an attribute, e.g., Sales Region is
"USâ.</p>
+
+ <p class=MsoListParagraphCxSpLast style='text-indent:-.25in'>4.<span
style='font:7.0pt "Times New Roman"'> </span>Masking
access control: specifies if the data should be masked before making it
available the user.
+ <a href="#_ftn2" name="_ftnref2" title=""><span
style='font-size:12.0pt;font-family:"Calibri",sans-serif'>[2]</span></a>
+ </p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Users can be specified in access control policies
in multiple ways:</p>
+
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>1.<span
style='font:7.0pt "Times New Roman"'> </span>by their
individual IDs, or by their group IDs.</p>
+
+ <p class=MsoListParagraphCxSpLast style='text-indent:-.25in'>2.<span
style='font:7.0pt "Times New Roman"'> </span>by the
roles the users belong to e.g., "USSalesPersonâ. This approach is generally
called Role-Based Access Control (RBAC).</p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Itâs generally acknowledged that RBAC and TBAC
are more maintainable, easier to understand, and therefore less error-prone
than resource-based access control and identifying users by their IDs or group
IDs. However, these are not sufficient for even moderately complex access
control constraints, as we will see.</p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>In this blog, we will consider various access
control approaches for the following users in specified regions, having access
to a given level of sensitive data. Users with access to Highly Sensitive data
may also access Sensitive data.</p>
+
+ <p class=MsoNormal> </p>
+
+ <table class=MsoTableGrid border=1 cellspacing=0 cellpadding=0
style='margin-left:30.35pt;border-collapse:collapse;border:none'>
+ <tr>
+ <td width=90 valign=top style='width:67.25pt;border:solid
windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p
class=MsoNormal><b>User</b></p></td>
+ <td width=102 valign=top style='width:76.5pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b>Region</b></p></td>
+ <td width=132 valign=top style='width:99.0pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b>Access Level</b></p></td>
+ </tr>
+ <tr>
+ <td width=90 valign=top style='width:67.25pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>Bob</p></td>
+ <td width=102 valign=top
style='width:76.5pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>US</p></td>
+ <td width=132 valign=top
style='width:99.0pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>Highly Sensitive</p></td>
+ </tr>
+ <tr>
+ <td width=90 valign=top style='width:67.25pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>Celestine</p></td>
+ <td width=102 valign=top
style='width:76.5pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>EMEA</p></td>
+ <td width=132 valign=top
style='width:99.0pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>Sensitive</p></td>
+ </tr>
+ </table>
+
+ <p class=MsoNormal><span style='font-size:16.0pt;font-family:"Calibri
Light",sans-serif;color:#2F5496'> </span></p>
+
+ <h1>Resource and Identity-based Access Control: USSales</h1>
+ <p class=MsoNormal>Consider the following table containing data from
the US sales region.</p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=140 id="Picture 6"
src="adventures_in_abac_1.files/table_ussales.jpg" alt="Table USSales">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>Resource and identity-based access-control policies
might include:</p>
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'><span
style='font-family:Symbol'>-<span style='font:7.0pt "Times New
Roman"'> </span></span>Allow Bob to access all
columns because heâs from the US and has access to Highly Sensitive data.</p>
+ <p class=MsoListParagraphCxSpLast style='text-indent:-.25in'><span
style='font-family:Symbol'>-<span style='font:7.0pt "Times New
Roman"'> </span></span>Deny access to Celestine on
the table because sheâs from EMEA, i.e., not from US.</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="policy_table_ussales_rib"
src="adventures_in_abac_1.files/fig01-policy_ussales_rib.jpg" alt="Fig 1.
Apache Ranger™ resource and identity-based access policy for table
USSales">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 1.
Apache Ranger™ resource and identity-based access policy for table
USSales</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>This isnât too onerous with two users, one table,
and two Sales Regions.</p>
+
+ <p class=MsoNormal><span style='font-size:16.0pt;font-family:"Calibri
Light",sans-serif;color:#2F5496'> </span></p>
+
+ <h1>Resource and Identity-based Access Control: GlobalSales</h1>
+ <p class=MsoNormal>Letâs add a bit of complexity. Consider the
following table containing data from several sales regions, including US and
EMEA.</p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=780 height=180 id="Picture 7"
src="adventures_in_abac_1.files/table_globalsales.jpg" alt="Table: GlobalSales">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>Resource-based and identity-based access-control
policy might include:</p>
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'><span
style='font-family:Symbol'>-<span style='font:7.0pt "Times New
Roman"'> </span></span>Allow Bob to access all
columns in rows having salesRegion=US because heâs from the US and has access
to Highly Sensitive data.</p>
+ <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'><span
style='font-family:Symbol'>-<span style='font:7.0pt "Times New
Roman"'> </span></span>Allow Celestine to access
columns c1-c10 in rows having salesRegion=EMEA because sheâs from EMEA and
has access to Sensitive data.</p>
+ <p class=MsoListParagraphCxSpLast style='text-indent:-.25in'><span
style='font-family:Symbol'>-<span style='font:7.0pt "Times New
Roman"'> </span></span>Deny users from
non-matching regions any access to the table.</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 9"
src="adventures_in_abac_1.files/fig02-policy_globalsales_highly_sensitive.jpg"
alt="Fig 2. Apache Ranger™ access policy for highly sensitive data in
table GlobalSales">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 2.
Apache Ranger™ access policy for highly sensitive data in table
GlobalSales</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 14"
src="adventures_in_abac_1.files/fig03-policy_globalsales_sensitive.jpg"
alt="Fig 3. Apache Ranger™ access policy for sensitive data in table
GlobalSales">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 3.
Apache Ranger™ access policy for sensitive data in table GlobalSales</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 22"
src="adventures_in_abac_1.files/fig04-policy_globalsales_non_sensitive.jpg"
alt="Fig 4. Apache Ranger™ access policy for non-sensitive data in table
GlobalSales">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 4.
Apache Ranger™ access policy for non-sensitive data in table
GlobalSales</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 16"
src="adventures_in_abac_1.files/fig05-policy_globalsales_row_filter_sales_region.jpg"
alt="Fig 5. Apache Ranger™ row-filter policy to restrict access to data
in table GlobalSales based on sales region">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 5.
Apache Ranger™ row-filter policy to restrict access to data in table
GlobalSales based on sales region</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>Note that the fact that Bob is from the US with
access to highly sensitive data is not explicitly captured in the above
policies. Nor are the sensitivity levels of the two sets of columns. This
knowledge is implicit only, making the policies difficult to maintain over time
as business rules change.</p>
+ <p class=MsoNormal> </p>
+
+ <h1>Tag-based and Role-based Access Control: USSales</h1>
+ <p class=MsoNormal>In this section we will explore using tags and
roles (TBAC and RBAC) to set up access control on the USSales table.</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>Letâs use tags to capture metadata relevant to
access control, and assign them to tables and columns as shown below:</p>
+ <p class=MsoNormal> </p>
+
+ <table class=MsoTableGrid border=1 cellspacing=0 cellpadding=0
width=511
style='width:383.4pt;margin-left:30.35pt;border-collapse:collapse;border:none'>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p
class=MsoNormal><b><span
style='font-size:10.0pt'>Table/Columns</span></b></p></td>
+ <td width=113 valign=top style='width:84.8pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b><span
style='font-size:10.0pt'>Tag</span></b></p></td>
+ <td width=194 valign=top style='width:145.15pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b><span
style='font-size:10.0pt'>Tag Attribute</span></b></p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>USSales</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>salesRegion</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="US"</p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>c1, c2, c3, c4, c5</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>sensitivityLevel</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="sensitive"</p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>c6, c7, c8</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>sensitivityLevel</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="highlySensitive"</p></td>
+ </tr>
+ </table>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>Letâs use the following roles to capture usersâ
access scope by sensitivity level and region, and assign users as members of
the appropriate roles:</p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=380 border=1 id="Picture 23"
src="adventures_in_abac_1.files/fig06-roles_capturing_sl_sr.jpg" alt="Fig 6.
Apache Ranger™ roles to capture sensitivity level and sales region for
users">
+ </p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 6.
Apache Ranger™ roles to capture sensitivity level and sales region for
users</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Tag-based and role-based access-control policies
might include:</p>
+
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>1.<span
style='font:7.0pt "Times New Roman"'> </span>Tag:
salesRegion</p>
+ <p class=MsoListParagraphCxSpMiddle style='margin-left:1.0in;
+ text-indent:-.25in'>a.<span style='font:7.0pt "Times New
Roman"'> </span>Allow users in role salesRegion.US to
access resources tagged with salesRegion.value = "US"</p>
+ <p class=MsoListParagraphCxSpLast style='margin-left:1.0in;
+ text-indent:-.25in'>b.<span style='font:7.0pt "Times New
Roman"'> </span>Allow users in role salesRegion.EMEA to
access resources tagged with salesRegion.value = "EMEA"</p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 24"
src="adventures_in_abac_1.files/fig07-policy_ussales_tag_attribute_based.jpg"
alt="Fig 7. Apache Ranger™ tag attribute-based access policy for sales
region">
+ </p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 7.
Apache Ranger™ tag attribute-based access policy for sales region</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>2.<span
style='font:7.0pt "Times New Roman"'> </span>Tag:
sensitivityLevel</p>
+ <p class=MsoListParagraphCxSpMiddle
style='margin-left:1.0in;text-indent:-.25in'>a.<span style='font:7.0pt "Times
New Roman"'> </span>Allow users in role
sensitivityLevel.sensitive to access resources tagged with
sensitivityLevel.value = "sensitive", OR empty.</p>
+ <p class=MsoListParagraphCxSpLast style='margin-left:1.0in;
+ text-indent:-.25in'>b.<span style='font:7.0pt "Times New
Roman"'> </span>Allow users in role
sensitivityLevel.highlySensitive to access resources tagged with
sensitivityLevel.value = "sensitive" OR "highlySensitive", OR empty.</p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoListParagraph align=center
style='margin-left:0in;text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 25"
src="adventures_in_abac_1.files/fig08-policy_tag_based_sl.jpg" alt="Fig 8.
Apache Ranger™ tag attribute-based access policy for sensitivity level">
+ </p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 8.
Apache Ranger™ tag attribute-based access policy for sensitivity level</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Note that the knowledge needed for access control
is now explicit: the columnsâ metadata is tagged with an explicit sensitivity
level, and the users are explicitly members of the appropriate salesRegion
role. </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal><span style='color:black'>Note that these tag
policies can be used to handle an EMEASales table as well as the USSales table,
depending on whether the value of the tag is âUSâ or âEMEAâ.</span></p>
+ <p class=MsoNormal> </p>
+
+ <h1>Tag-based and Role-based Access Control: GlobalSales</h1>
+
+ <p class=MsoNormal>In this section we return to the GlobalSales table.
In this case we canât use a simple salesRegion tag on the table, since the
table contains data from multiple regions including US and EMEA. A row-filter
is needed, as in the resource-based policy above. </p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>As before, letâs use the following tags to
capture metadata relevant to sensitivity access control, and have them assigned
to columns as shown below:</p>
+
+ <p class=MsoNormal> </p>
+
+ <table class=MsoTableGrid border=1 cellspacing=0 cellpadding=0
width=511
style='width:383.4pt;margin-left:30.35pt;border-collapse:collapse;border:none'>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p
class=MsoNormal><b><span style='font-size:10.0pt'>Columns</span></b></p></td>
+ <td width=113 valign=top style='width:84.8pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b><span
style='font-size:10.0pt'>Tag</span></b></p></td>
+ <td width=194 valign=top style='width:145.15pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b><span
style='font-size:10.0pt'>Tag Attribute</span></b></p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>c2, c3</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>sensitivityLevel</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="sensitive"</p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>c11, c12, c13, c14</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>sensitivityLevel</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="highlySensitive"</p></td>
+ </tr>
+ </table>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Also, letâs use the same roles listed in the
previous use case, Fig. 6</p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Tag-based and role-based access-control policies
might include:</p>
+
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>1.<span
style='font:7.0pt "Times New Roman"'> </span>Tag:
sensitivityLevel: same policy as the previous use case, Fig. 8</p>
+ <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'>2.<span
style='font:7.0pt "Times New Roman"'> </span>Row filter
Policy:</p>
+ <p class=MsoListParagraphCxSpMiddle
style='margin-left:1.0in;text-indent:-.25in'>a.<span style='font:7.0pt "Times
New Roman"'> </span>Users in the salesRegion.US role
have access to rows where salesRegion = "US"</p>
+ <p class=MsoListParagraphCxSpLast
style='margin-left:1.0in;text-indent:-.25in'>b.<span style='font:7.0pt "Times
New Roman"'> </span>Users in the salesRegion.EMEA role
have access to rows where salesRegion = "EMEA"</p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 28"
src="adventures_in_abac_1.files/fig09-policy_globalsales_row_filter_sr_roles.jpg"
alt="Fig 9. Apache Ranger™ row-filter policy to restrict access to data
in table GlobalSales based on sales region and user roles">
+ </p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 9.
Apache Ranger™ row-filter policy to restrict access to data in table
GlobalSales based on sales region and user roles</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>This policy controls access by any user who has
been assigned to a salesRegion role, not simply bob or celestine. </p>
+ <p class=MsoNormal> </p>
+
+ <h1>Beyond Tag-based and Role-based Access Control:
GlobalSalesPartners</h1>
+ <p class=MsoNormal>As our final level of complexity, in this section
we will extend access control to a GlobalSalesPartners table that includes info
on which business partner ("ABC" or "XYZ") produced the data.</p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal>
+ <img width=780 height=180 id="Picture 8"
src="adventures_in_abac_1.files/table_globalsalespartners.jpg" alt="Table
GlobalSalesPartners">
+ </p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>The following additional conditions must be
enforced for accessing data in this table:</p>
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>1.<span
style='font:7.0pt "Times New Roman"'> </span>Bob can
see only data from partner "ABC"</p>
+ <p class=MsoListParagraphCxSpLast style='text-indent:-.25in'>2.<span
style='font:7.0pt "Times New Roman"'> </span>Celestine
can see data from both partners.</p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>As before, letâs use the following tags to
capture metadata relevant to sensitivity level, and have them assigned to
columns as shown below:</p>
+ <p class=MsoNormal> </p>
+
+ <table class=MsoTableGrid border=1 cellspacing=0 cellpadding=0
width=511
style='width:383.4pt;margin-left:30.35pt;border-collapse:collapse;border:none'>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;text-align:center'><p
class=MsoNormal><b><span style='font-size:10.0pt'>Columns</span></b></p></td>
+ <td width=113 valign=top style='width:84.8pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b><span
style='font-size:10.0pt'>Tag</span></b></p></td>
+ <td width=194 valign=top style='width:145.15pt;border:solid
windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in
5.4pt;text-align:center'><p class=MsoNormal><b><span
style='font-size:10.0pt'>Tag Attribute</span></b></p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>c2, c3</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>sensitivityLevel</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="sensitive"</p></td>
+ </tr>
+ <tr>
+ <td width=205 valign=top style='width:153.45pt;border:solid
windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt'><p
class=MsoNormal>c11, c12, c13, c14</p></td>
+ <td width=113 valign=top
style='width:84.8pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>sensitivityLevel</p></td>
+ <td width=194 valign=top
style='width:145.15pt;border-top:none;border-left:none;border-bottom:solid
windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in
5.4pt'><p class=MsoNormal>value="highlySensitive"</p></td>
+ </tr>
+ </table>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Letâs use the following roles to capture the
usersâ access scope by sensitivity level, region, and sales partner, and
assign our users as members of the appropriate roles:</p>
+
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal align=center style='text-align:center'>
+ <img width=700 height=380 border=1 id="Picture 29"
src="adventures_in_abac_1.files/fig10-roles_capturing_sl_sr_sp.jpg" alt="Fig
10. Apache Ranger™ roles to capture sensitivity level, sales region and
sales partners for users">
+ </p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 10.
Apache Ranger™ roles to capture sensitivity level, sales region and sales
partners for users</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>Tag-based and role-based access-control policies
might include:</p>
+ <p class=MsoListParagraphCxSpFirst style='text-indent:-.25in'>1.<span
style='font:7.0pt "Times New Roman"'> </span>Tag:
sensitivityLevel: same policy as earlier use case, Fig. 8</p>
+ <p class=MsoListParagraphCxSpMiddle style='text-indent:-.25in'>2.<span
style='font:7.0pt "Times New Roman"'> </span>Row filter
Policy:</p>
+ <p class=MsoListParagraphCxSpMiddle
style='margin-left:1.0in;text-indent:-.25in'>a.<span style='font:7.0pt "Times
New Roman"'> </span>Users in salesRegion.US role have
access to rows where salesRegion = "US"</p>
+ <p class=MsoListParagraphCxSpMiddle
style='margin-left:1.0in;text-indent:-.25in'>b.<span style='font:7.0pt "Times
New Roman"'> </span>Users in salesRegion.EMEA role have
access to rows where salesRegion = "EMEA"</p>
+ <p class=MsoListParagraphCxSpMiddle
style='margin-left:1.0in;text-indent:-.25in'>c.<span style='font:7.0pt "Times
New Roman"'> </span>Users in salesPartner.ABC role have
access to rows where salesPartner = "ABC"</p>
+ <p class=MsoListParagraphCxSpLast
style='margin-left:1.0in;text-indent:-.25in'>d.<span style='font:7.0pt "Times
New Roman"'> </span>Users in salesPartner.XYZ role has
access to rows where salesPartner = "XYZ"</p>
+
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center
style='margin-left:0in;text-align:center'>
+ <img width=700 height=800 border=1 id="Picture 36"
src="adventures_in_abac_1.files/fig11-policy_globalsalespartners_row_filter_sr_sp.jpg"
alt="Fig 11. Apache Ranger™ row-filter policy to restrict access to data
in table GlobalSalesPartners based on sales region and sales partner">
+ </p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal align=center style='text-align:center'>Fig 11.
Apache Ranger™ row-filter policy to restrict access to data in table
GlobalSalesPartners based on sales region and sales partner</p>
+ <p class=MsoNormal> </p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>It is easy to see that as the numbers of
salesRegions and salesPartners rise, the number of roles and row filter
conditions increases combinatorially, and rapidly becomes difficult to manage.
</p>
+ <p class=MsoNormal> </p>
+
+ <p class=MsoNormal>As I said before, built-in Apache Ranger™
TBAC, RBAC, and row-filter based access policies are powerful, but they are not
sufficient for complex access control constraints, like above. Join in to part
2 of this blog series to see how ABAC can answer these and other more complex
constraint requirements, and do itâ¦well, elegantly!</p>
+ <p class=MsoNormal> </p>
+ </div>
+
+ <div>
+ <br clear=all>
+ <hr align=left size=1 width="33%">
+ <div id=ftn1>
+ <p class=MsoNormal><a href="#_ftnref1" name="_ftn1" title=""><span
style='font-size:12.0pt;font-family:"Calibri",sans-serif'>[1]</span></a>Specifying
expiration dates for access control policies where relevant. This is not
specific to ABAC and so we wonât discuss it further in this blog series.</p>
+ <p class=MsoFootnoteText> </p>
+ </div>
+
+ <div id=ftn2>
+ <p class=MsoNormal><a href="#_ftnref2" name="_ftn2" title=""><span
style='font-size:12.0pt;font-family:"Calibri",sans-serif'>[2]</span></a>We will
cover details of masking policies in a subsequent blog.</p>
+ <p class=MsoFootnoteText> </p>
+ </div>
+ </div>
+ </div>
+ </body>
+
+ <footer>
+ <div align=center >
+ <a href="/blogs.html">Apache Ranger™ blogs</a>
+ </div>
+ </footer>
+</html>
Modified: ranger/site/trunk/download.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/download.html?rev=1909491&r1=1909490&r2=1909491&view=diff
==============================================================================
--- ranger/site/trunk/download.html (original)
+++ ranger/site/trunk/download.html Sat Apr 29 23:28:12 2023
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
@@ -24,7 +24,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2023-03-31<span
class="divider">|</span>
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
</li>
<li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
<li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
@@ -46,6 +46,7 @@
<li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
<li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
<li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li><a href="blogs.html" title="Blogs"><span class="none"></span>Blogs</a>
</li>
<li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
<li class="nav-header">Project Information</li>
<li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
@@ -98,10 +99,9 @@
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Download_Apache_Ranger.E2.84.A2"></a>Download Apache
Ranger™</h2>
-
-<div class="section">
+<section>
<h3><a name="How_to_Download"></a>How to Download</h3>
<p>
@@ -111,9 +111,8 @@ available under the
<a class="externalLink"
href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, Version
2.0</a> - see the
LICENSE.txt and NOTICE.txt files contained in each release artifact.
</p>
-</div>
-
-<div class="section">
+</section>
+<section>
<h3><a
name="Current_official_release_.28closest_mirror_site_selected_automatically.29"></a>Current
official release (closest mirror site selected automatically)</h3>
<ul>
@@ -261,9 +260,8 @@ Apache Ranger 0.5.3:
</p>
</li>
</ul>
-</div>
-
-<div class="section">
+</section>
+<section>
<h3><a name="Verifying_Releases"></a>Verifying Releases</h3>
<p>
@@ -295,16 +293,15 @@ The digests are stored in the file calle
<li>sha1sum apache-ranger-*.tar.gz (and compare output to the relevant digest
in apache-ranger-*.tar.gz.mds)</li>
</ul>
-</div>
-
-<div class="section">
+</section>
+<section>
<h3><a name="Archive_of_old_releases"></a>Archive of old releases</h3>
<p>
Older releases are available in the <a class="externalLink"
href="https://archive.apache.org/dist/incubator/ranger/";>archive</a>.
</p>
-</div>
-</div>
+</section>
+</section>
Modified: ranger/site/trunk/faq.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/faq.html?rev=1909491&r1=1909490&r2=1909491&view=diff
==============================================================================
--- ranger/site/trunk/faq.html (original)
+++ ranger/site/trunk/faq.html Sat Apr 29 23:28:12 2023
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
@@ -24,7 +24,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2023-03-23<span
class="divider">|</span>
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
</li>
<li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
<li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
@@ -46,6 +46,7 @@
<li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
<li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
<li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li><a href="blogs.html" title="Blogs"><span class="none"></span>Blogs</a>
</li>
<li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
<li class="nav-header">Project Information</li>
<li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
@@ -96,7 +97,7 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Frequently_Asked_Questions"></a><a name="top">Frequently Asked
Questions</a></h2>
<p><b>General</b></p>
<ol style="list-style-type: decimal">
@@ -127,8 +128,7 @@
<li><a href="#How_does_Apache_Ranger_provide_authorization_in_Apache_Solr">How
does Apache Ranger provide authorization in Apache Solr?</a></li></ol>
<p><b>YARN</b></p>
<ol style="list-style-type: decimal">
-<li><a href="#How_does_Apache_Ranger_provide_authorization_in_YARN">How does
Apache Ranger provide authorization in YARN?</a></li></ol></div>
-<div class="section">
+<li><a href="#How_does_Apache_Ranger_provide_authorization_in_YARN">How does
Apache Ranger provide authorization in YARN?</a></li></ol></section><section>
<h2><a name="General"></a>General</h2>
<dl>
<dt><a name="What_does_Apache_Ranger_offer_for_Hadoop">What does Apache Ranger
offer for Apache Hadoop and related components?</a></dt>
@@ -181,8 +181,7 @@
No, Apache Ranger is not a Single Point of Failure. Apache Ranger's
plugins run within the same process as the component, e.g. NameNode for HDFS.
These agents pull the policy-changes using REST API at a configured regular
interval (e.g.: 30 second). The plugin is able to function even if the policy
server is temporarily down and will provide the authorization enforcement.
Also, the policy manager web application can be hosted on a HA infrastructure.
(with multiple apache server, multiple tomcat servers and a standby database
server w/o replication setup).
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="Apache_Hadoop"></a>Apache Hadoop</h2>
<dl>
<dt><a
name="How_does_Apache_Ranger_provide_authorization_in_Apache_Hadoop">How does
Apache Ranger provide authorization in Apache Hadoop?</a></dt>
@@ -213,8 +212,7 @@
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="Apache_Hive"></a>Apache Hive</h2>
<dl>
<dt><a name="How_does_Apache_Ranger_provide_authorization_in_Apache_Hive">How
does Apache Ranger provide authorization in Apache Hive?</a></dt>
@@ -232,8 +230,7 @@
Apache Hive currently provides two methods of
authorization, Storage based authorization and SQL standard authorization,
which was introduced in Hive 13. SQL standard authorization provides
grant/revoke functionality at database, table level. The commands would be
familiar to a DBA admin. Apache Ranger provides a centralized authorization
interface for Hive and provides more granular access control at column level
through the Hive plugin. Ranger also provides ability to use wildcard in
resource names within the policy.
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="Apache_HBase"></a>Apache HBase</h2>
<dl>
<dt><a name="How_does_Apache_Ranger_provide_authorization_in_Apache_HBase">How
does Apache Ranger provide authorization in Apache Hbase?</a></dt>
@@ -243,8 +240,7 @@
Apache Ranger provides a coprocessor which is added to HBase,
and includes the logic to perform authorization check and collect audit data.
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="Apache_Knox"></a>Apache Knox</h2>
<dl>
<dt><a name="How_does_Apache_Ranger_provide_authorization_in_Apache_Knox">How
does Apache Ranger provide authorization in Apache Knox?</a></dt>
@@ -254,8 +250,7 @@
Apache Knox currently provides a service level authorization
for users/groups. These acls are stored locally in a file. Apache Ranger has
built a plugin for Knox to enable administration of these policies through
central UI/REST APIs as well as detailed auditing of Knox user access.
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="Apache_Kafka"></a>Apache Kafka</h2>
<dl>
<dt><a name="How_does_Apache_Ranger_provide_authorization_in_Apache_Kafka">How
does Apache Ranger provide authorization in Apache Kafka?</a></dt>
@@ -265,8 +260,7 @@
Security was introduced in Apache Kafka 0.9. Apache Ranger can
manage the Kafka ACLs per topic. Users can use Ranger to control who can write
to a topic or read from a topic. In addition to providing policies by users and
groups, Apache Ranger also supports IP address based permissions to publish or
subscribe.
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="Apache_Solr"></a>Apache Solr</h2>
<dl>
<dt><a name="How_does_Apache_Ranger_provide_authorization_in_Apache_Solr">How
does Apache Ranger provide authorization in Apache Solr?</a></dt>
@@ -276,8 +270,7 @@
Similar to Apache Kafka, security in Apache Solr was
introduced recently by the community. Through Apache Ranger, users can build
policies for users/groups to query a particular collections in Solr. Efforts
are underway in Solr community to provide more granular index level permissions.
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
-<div class="section">
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section><section>
<h2><a name="YARN"></a>YARN</h2>
<dl>
<dt><a name="How_does_Apache_Ranger_provide_authorization_in_YARN">How does
Apache Ranger provide authorization in YARN?</a></dt>
@@ -287,7 +280,7 @@
YARN is widely used in the Hadoop ecosystem as resource
management layer for applications. Adminstrators can use YARN to setup queues
with a certain capacity and applications can be given permissions to write to a
certain queue. Using Apache Ranger, administrators can manage the policies for
who can write to a particular queue
</p>
-<p align="right"><a href="#top">[top]</a></p></dd></dl></div>
+<p align="right"><a href="#top">[top]</a></p></dd></dl></section>
</div>
</div>
</div>
Modified: ranger/site/trunk/index.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/index.html?rev=1909491&r1=1909490&r2=1909491&view=diff
==============================================================================
--- ranger/site/trunk/index.html (original)
+++ ranger/site/trunk/index.html Sat Apr 29 23:28:12 2023
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
@@ -26,7 +26,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2023-03-23<span
class="divider">|</span>
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
</li>
<li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
<li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
@@ -48,6 +48,7 @@
<li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
<li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
<li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li><a href="blogs.html" title="Blogs"><span class="none"></span>Blogs</a>
</li>
<li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
<li class="nav-header">Project Information</li>
<li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
@@ -98,12 +99,11 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Apache_Ranger.26.238482.3B"></a>Apache Ranger™</h2>
<p>Apache Ranger™ is a framework to enable, monitor and manage
comprehensive data security across the Hadoop platform.</p>
<p>The vision with Ranger is to provide comprehensive security across the
Apache Hadoop ecosystem. With the advent of Apache YARN, the Hadoop platform
can now support a true data lake architecture. Enterprises can potentially run
multiple workloads, in a multi tenant environment. Data security within Hadoop
needs to evolve to support multiple use cases for data access, while also
providing a framework for central administration of security policies and
monitoring of user access.</p>
-<p>Please read the <a href="./faq.html">FAQs</a> if you need to understand how
it works over Apache Hadoop components.</p>
-<div class="section">
+<p>Please read the <a href="./faq.html">FAQs</a> if you need to understand how
it works over Apache Hadoop components.</p><section>
<h3><a name="Goals_Overview"></a>Goals Overview</h3>
<p>Apache Ranger has the following goals:</p>
<ul>
@@ -111,13 +111,12 @@
<li>Fine grained authorization to do a specific action and/or operation with
Hadoop component/tool and managed through a central administration tool</li>
<li>Standardize authorization method across all Hadoop components.</li>
<li>Enhanced support for different authorization methods - Role based access
control, attribute based access control etc.</li>
-<li>Centralize auditing of user access and administrative actions (security
related) within all the components of Hadoop.</li></ul></div>
-<div class="section">
+<li>Centralize auditing of user access and administrative actions (security
related) within all the components of Hadoop.</li></ul></section><section>
<h3><a name="Usage"></a>Usage</h3>
<p>General instructions on how to use the Apache Ranger can be found on the <a
class="externalLink"
href="https://cwiki.apache.org/confluence/display/RANGER/Index";>Wiki
Page</a>.</p>
<p>In case you have questions regarding the Ranger' usage, please have a look
at the <a href="./faq.html">FAQ</a> and feel free to contact the <a
href="./mail-lists.html">user mailing list</a>. The posts to the mailing list
are archived and could already contain the answer to your question as part of
an older thread. Hence, it is also worth browsing/searching the <a
href="./mail-lists.html">mail archive</a>.</p>
<p>If you feel like the Apache Ranger is missing a feature or has a defect,
you can fill a feature request or bug report in our <a class="externalLink"
href="https://issues.apache.org/jira/browse/ranger/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel";>issue
tracker</a>. When creating a new issue, please provide a comprehensive
description of your concern. Especially for fixing bugs it is crucial that the
developers can reproduce your problem.</p>
-<p>Contributors can check out the source code from our <a class="externalLink"
href="https://gitbox.apache.org/repos/asf/ranger.git";>Git repository</a> or
from <a class="externalLink"
href="https://github.com/apache/ranger";>Github</a></p></div></div>
+<p>Contributors can check out the source code from our <a class="externalLink"
href="https://gitbox.apache.org/repos/asf/ranger.git";>Git repository</a> or
from <a class="externalLink"
href="https://github.com/apache/ranger";>Github</a></p></section></section>
</div>
</div>
</div>
Added: ranger/site/trunk/index.js
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/index.js?rev=1909491&view=auto
==============================================================================
--- ranger/site/trunk/index.js (added)
+++ ranger/site/trunk/index.js Sat Apr 29 23:28:12 2023
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+var gatewayUrl;
+var apiBaseUrl = "/service";
+
+window.onload = function() {
+ const ui = SwaggerUIBundle({
+ url: getSwaggerBaseUrl(window.location.pathname) + "/swagger.json",
+ dom_id: '#swagger-ui',
+ deepLinking: true,
+ presets: [
+ SwaggerUIBundle.presets.apis,
+ SwaggerUIStandalonePreset
+ ],
+ plugins: [
+ SwaggerUIBundle.plugins.DownloadUrl
+ ],
+ layout: "StandaloneLayout",
+ requestInterceptor: function(request) {
+ if (!request.url.includes("swagger.json")) {
+ request.url = getAPIUrl(request.url);
+ }
+ if (request.method != "GET") {
+ request.headers['X-XSRF-HEADER'] = localStorage.csrfToken;
+ }
+
+ return request;
+ },
+ docExpansion: 'none'
+ })
+ window.ui = ui;
+ setLogo()
+
if(document.getElementById("swagger-ui").getElementsByClassName("float-right").length
> 0) {
+
document.getElementById("swagger-ui").getElementsByClassName("float-right")[0].querySelector("a").remove()
+ }
+
+}
+
+function setLogo() {
+ if(
document.getElementById("swagger-ui").getElementsByClassName("topbar-wrapper").length
> 0){
+
document.getElementById("swagger-ui").getElementsByClassName("topbar-wrapper")[0].getElementsByTagName("img")[0].src
= gatewayUrl + "/images/ranger_logo.png";
+ }
+}
+
+function getSwaggerBaseUrl(url) {
+ var path = url.replace(/\/[\w-]+.(jsp|html)|\/+$/ig, '');
+ splitPath = path.split("/");
+ splitPath.pop();
+ gatewayUrl = splitPath.join("/");
+
+ return window.location.origin + path;
+};
+
+function getAPIUrl(url) {
+ url = new URL(url);
+ var path = url.origin + apiBaseUrl + url.pathname + url.search;
+ return path;
+};
Modified: ranger/site/trunk/issue-tracking.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/issue-tracking.html?rev=1909491&r1=1909490&r2=1909491&view=diff
==============================================================================
--- ranger/site/trunk/issue-tracking.html (original)
+++ ranger/site/trunk/issue-tracking.html Sat Apr 29 23:28:12 2023
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
@@ -24,7 +24,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2023-03-31<span
class="divider">|</span>
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
</li>
<li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
<li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
@@ -45,6 +45,7 @@
<li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
<li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
<li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li><a href="blogs.html" title="Blogs"><span class="none"></span>Blogs</a>
</li>
<li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
<li class="nav-header">Project Information</li>
<li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
@@ -95,13 +96,12 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Overview"></a>Overview</h2><a name="Overview"></a>
-<p>This project uses <a class="externalLink"
href="http://www.atlassian.com/software/jira";>JIRA</a> a J2EE-based, issue
tracking and project management application.</p></div>
-<div class="section">
+<p>This project uses <a class="externalLink"
href="http://www.atlassian.com/software/jira";>JIRA</a> a J2EE-based, issue
tracking and project management application.</p></section><section>
<h2><a name="Issue_Tracking"></a>Issue Tracking</h2><a
name="Issue_Tracking"></a>
<p>Issues, bugs, and feature requests should be submitted to the following
issue tracking system for this project.</p>
-<div class="source"><pre class="prettyprint linenums"><a class="externalLink"
href="http://issues.apache.org/jira/browse/ranger";>http://issues.apache.org/jira/browse/ranger</a></pre></div></div>
+<div class="source"><pre class="prettyprint linenums"><a class="externalLink"
href="http://issues.apache.org/jira/browse/ranger";>http://issues.apache.org/jira/browse/ranger</a></pre></div></section>
</div>
</div>
</div>
Modified: ranger/site/trunk/license.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/license.html?rev=1909491&r1=1909490&r2=1909491&view=diff
==============================================================================
--- ranger/site/trunk/license.html (original)
+++ ranger/site/trunk/license.html Sat Apr 29 23:28:12 2023
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
@@ -24,7 +24,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2023-03-31<span
class="divider">|</span>
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
</li>
<li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
<li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
@@ -45,6 +45,7 @@
<li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
<li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
<li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li><a href="blogs.html" title="Blogs"><span class="none"></span>Blogs</a>
</li>
<li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
<li class="nav-header">Project Information</li>
<li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
@@ -95,15 +96,13 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Overview"></a>Overview</h2><a name="Overview"></a>
-<p>Typically the licenses listed for the project are that of the project
itself, and not of dependencies.</p></div>
-<div class="section">
-<h2><a name="Project_License"></a>Project License</h2><a
name="Project_License"></a>
-<div class="section">
+<p>Typically the licenses listed for the project are that of the project
itself, and not of dependencies.</p></section><section>
+<h2><a name="Project_License"></a>Project License</h2><a
name="Project_License"></a><section>
<h3><a name="Apache_2"></a>Apache 2</h3><a name="Apache_2"></a>
<div class="source">
-<pre>-</pre></div></div></div>
+<pre>-</pre></div></section></section>
</div>
</div>
</div>
Modified: ranger/site/trunk/mail-lists.html
URL:
http://svn.apache.org/viewvc/ranger/site/trunk/mail-lists.html?rev=1909491&r1=1909490&r2=1909491&view=diff
==============================================================================
--- ranger/site/trunk/mail-lists.html (original)
+++ ranger/site/trunk/mail-lists.html Sat Apr 29 23:28:12 2023
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8
+ | Generated by Apache Maven Doxia Site Renderer 1.11.1
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
@@ -24,7 +24,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2023-03-31<span
class="divider">|</span>
+ <li id="publishDate">Last Published: 2023-04-29<span
class="divider">|</span>
</li>
<li id="projectVersion">Version: 3.0.0-SNAPSHOT<span
class="divider">|</span></li>
<li class=""><a href="./" title="Ranger">Ranger</a><span
class="divider">/</span></li>
@@ -45,6 +45,7 @@
<li><a href="quick_start_guide.html" title="Quick Start Guide"><span
class="none"></span>Quick Start Guide</a> </li>
<li><a href="apidocs/index.html" title="Ranger REST API
Documentation"><span class="none"></span>Ranger REST API Documentation</a>
</li>
<li><a href="kms/apidocs/index.html" title="Ranger KMS REST API
Documentation"><span class="none"></span>Ranger KMS REST API Documentation</a>
</li>
+ <li><a href="blogs.html" title="Blogs"><span class="none"></span>Blogs</a>
</li>
<li><a href="https://www.apache.org/licenses/"; class="externalLink"
title="License"><span class="none"></span>License</a> </li>
<li class="nav-header">Project Information</li>
<li><a href="project-summary.html" title="Project Summary"><span
class="none"></span>Project Summary</a> </li>
@@ -96,7 +97,7 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Project_Mailing_Lists"></a>Project Mailing Lists</h2><a
name="Project_Mailing_Lists"></a>
<p>These are the mailing lists that have been established for this project.
For each list, there is a subscribe, unsubscribe, and an archive link.</p>
<table border="0" class="table table-striped">
@@ -107,23 +108,23 @@
<th>Post</th>
<th>Archive</th></tr>
<tr class="b">
-<td>User list</td>
+<td align="left">User list</td>
<td><a class="externalLink"
href="mailto:[email protected]";>Subscribe</a></td>
<td><a class="externalLink"
href="mailto:[email protected]";>Unsubscribe</a></td>
<td><a class="externalLink" href="mailto:[email protected]";>Post</a></td>
<td><a class="externalLink"
href="http://mail-archives.apache.org/mod_mbox/ranger-user/";>mail-archives.apache.org</a></td></tr>
<tr class="a">
-<td>Development list</td>
+<td align="left">Development list</td>
<td><a class="externalLink"
href="mailto:[email protected]";>Subscribe</a></td>
<td><a class="externalLink"
href="mailto:[email protected]";>Unsubscribe</a></td>
<td><a class="externalLink" href="mailto:[email protected]";>Post</a></td>
<td><a class="externalLink"
href="http://mail-archives.apache.org/mod_mbox/ranger-dev/";>mail-archives.apache.org</a></td></tr>
<tr class="b">
-<td>Commit list</td>
+<td align="left">Commit list</td>
<td><a class="externalLink"
href="mailto:[email protected]";>Subscribe</a></td>
<td><a class="externalLink"
href="mailto:[email protected]";>Unsubscribe</a></td>
<td><a class="externalLink"
href="mailto:[email protected]";>Post</a></td>
-<td><a class="externalLink"
href="http://mail-archives.apache.org/mod_mbox/ranger-commits/";>mail-archives.apache.org</a></td></tr></table></div>
+<td><a class="externalLink"
href="http://mail-archives.apache.org/mod_mbox/ranger-commits/";>mail-archives.apache.org</a></td></tr></table></section>
</div>
</div>
</div>
![https://maven.apache.org/images/logos/maven-feather.png"](https://maven.apache.org/images/logos/maven-feather.png"){kind=link}
![https://www.apache.org/images/SupportApache-small.png"](https://www.apache.org/images/SupportApache-small.png"){kind=link}
