[
https://issues.apache.org/jira/browse/RANGER-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Velmurugan Periasamy updated RANGER-2232:
-----------------------------------------
Fix Version/s: 2.0.0
> Security Zones feature in Apache Ranger
> ---------------------------------------
>
> Key: RANGER-2232
> URL: https://issues.apache.org/jira/browse/RANGER-2232
> Project: Ranger
> Issue Type: New Feature
> Components: admin
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: 2.0.0
>
> Attachments: Apache Ranger - Security Zones.pdf
>
>
> This is to introduce a new abstraction in Apache Ranger that would allow
> carving/bucketing of resources in a service into multiple zones, for better
> administration of security policies. This would enable multiple
> administrators to setup security policies for a service – based on the zones
> to which they have been granted administration rights.
> For example, let us consider 2 security zones ‘finance’ and ‘sales’:
> - Security zone ‘finance’ includes all contents in Hive database named
> ‘finance’
> - Security zone ‘sales’ includes all contents in ‘sales’ database
> - Set of users and groups are designated as administrators each zone
> - Users are allowed to setup policies only in zones in which they are
> administrators
> - Policies defined in a zone are applicable only for resources of the zone
> - A zone can be extended to include resource from multiple services like
> HDFS, Hive, HBase, Kafka, .., allowing administrators of a zone to setup
> policies for resources owned by their organization across multiple services.
> - Audit logs will include name of the zone in which the accessed resource
> resides. Only users having appropriate permissions on the security zone can
> view its audit logs.
> Attached document has more details on various aspects of Security Zones.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
