[
https://issues.apache.org/jira/browse/RANGER-1999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-1999:
-------------------------------------
Attachment: RANGER-1999.patch
> Policy evaluation to support multiple values for accessed resource
> ------------------------------------------------------------------
>
> Key: RANGER-1999
> URL: https://issues.apache.org/jira/browse/RANGER-1999
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Attachments: RANGER-1999.patch
>
>
> While evaluating access requests, Ranger policy engine picks policies based
> on the resource value specified in the access request. Currently
> access-resource abstraction only supports a single value for each
> resource-type - like database/table/column. Authorization of access to some
> resources might require the policy engine to pick policies based on multiple
> values for a resource.
> For example, consider access authorization for an entity in Apache Atlas. An
> entity has a specific-type and a number of super-types - example:
> type=database super-types=[dataset, asset]. While authorizing access to a
> database entity, policies specified for its super-types, dataset and asset,
> should also be evaluated.
> To enable such usecases, Ranger policy evaluation needs to be enhanced to
> support a list of value for a resource. Policies that match for any of the
> given values should be evaluated to determine the access result. Note that
> this enhancement doesn't require any updates to the policy model; the changes
> are needed only in the policy-engine.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
