Larry McCay created KNOX-3268:
---------------------------------
Summary: Add {username} variable for Dynamic Path Based ACLs
Key: KNOX-3268
URL: https://issues.apache.org/jira/browse/KNOX-3268
Project: Apache Knox
Issue Type: Improvement
Components: Authorization
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 3.0.0
Let's extend the path based acls syntax to also support dynamic variable within
a path such as {username}. This would mean that the path could check the
authenticated user against a particular resource path being requested within a
regex expression.
This could provide the ability to grant authenticated users to things like user
specific namespaces or home directories.
KNOX-3267 could pave the way for user specific namespaces within credential
stores. In which case an API to retrieve their credentials within their
namespace could be provide and protected to grant access only to their own
namespace.
We may also be able to extend the same for {group-in} for namespace access
granted to specific groups.
This needs continued thought and discussion.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
