Madhan Neethiraj created RANGER-3550:
----------------------------------------
Summary: support for using user/tag attributes in row-filter
expressions and conditions
Key: RANGER-3550
URL: https://issues.apache.org/jira/browse/RANGER-3550
Project: Ranger
Issue Type: Improvement
Components: plugins
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable use
of user attributes in filter expressions can help address a wider set of use
cases, including the following:
# restrict users to see only records of the department they belong to: _dept =
'${\{USER.dept}}'_
# restrict users to see only records assigned to them: _assignee =
'${\{USER._name}}'_
In addition, it will be useful to be able to refer user/tag attributes in
condition expressions, as shown in following examples:
# allow access only for full-time users: _${\{USER.employeeType ==
'full-time'}}_
# allow access only if VISIBILITY tag has attribute type set to public:
_${\{TAGS.VISIBILITY.type == 'public'}}_
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
