Bolke de Bruin created RANGER-2302:
--------------------------------------
Summary: Clients should be able to add tag information to access
requests
Key: RANGER-2302
URL: https://issues.apache.org/jira/browse/RANGER-2302
Project: Ranger
Issue Type: Bug
Components: tagsync
Affects Versions: 1.2.0
Reporter: Bolke de Bruin

Ranger currently assumes that clients are tag unaware. It, for example, syncs
tag information with Atlas. This has several issues:
# It assumes Ranger is the single source of truth connecting resource and tag
information
# As the tagsync is not happening in real time (either due to Kafka delay or due
to caching), security issues can pop up. E.g. copying a file with PII info to a
different location leaves a time window in which Ranger is unaware of the tag.
If the client is tag aware it could supply the tags that it knows of as part of
the request. This ensures immediate availability and propagation of tags.
A backward compatible implementation could be to use
KEY_USER_TAGS with a delimiter as part of the
RangerAccessResource request and have RangerTagEnricher pick up these tags