[
https://issues.apache.org/jira/browse/RANGER-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17081982#comment-17081982
]
Madhan Neethiraj commented on RANGER-2774:
------------------------------------------
bq. to pull all policies that a user and list of groups may have access to
[~mert_hoc] - does "all policies" refer to policies where a given user (or a
group to which the user belongs to) is given any access? Or the policies in
which user has delegated-admin permission? Note that Ranger policies can be
sophisticated like deny/exceptions/dynamic-conditions/tag-based
policies/zone-aware; so it is critical to be clear on what the desired result
is.
It will help to state a number of use cases, with a set of policies having
above characteristics, and the expected policy list to be returned for each
case.
> Enhance RangerBasePlugin to be able to retrieve all policies for a user, and
> list of groups.
> --------------------------------------------------------------------------------------------
>
> Key: RANGER-2774
> URL: https://issues.apache.org/jira/browse/RANGER-2774
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Mert Hocanin
> Assignee: Mert Hocanin
> Priority: Minor
>
> Currently, the RangerBasePlugin has API's that given a RangerAccessRequest,
> it will return a RangerAccessResult which returns basically whether the
> access is grantable or not. However, there are certain use cases where a
> developer may want to pull all policies that a user and list of groups may
> have access to. One use case that we had in mind was to translate a policy
> from a calling user to another policy management system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
