[jira] [Updated] (RANGER-3550) support for using user/tag attributes in row-filter expressions and conditions

[Madhan Neethiraj (Jira)]

     [ 
https://issues.apache.org/jira/browse/RANGER-3550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj updated RANGER-3550:
-------------------------------------
    Description: 
Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable use 
of user attributes in filter expressions can help address a wider set of use 
cases, including the following: 
 # restrict users to see only records of the department they belong to: 
{code}dept = '${{USER.dept}}'{code} 
 # restrict users to see only records assigned to them: {code}assignee = 
'${{USER._name}}'{code} 

 

In addition, it will be useful to be able to refer user/tag attributes in 
condition expressions, as shown in following examples:
 # allow access only for full-time users: {code}${{USER.employeeType == 
'full-time'}}{code}
 # allow access only if VISIBILITY tag has attribute type set to public: 
{code}${{TAGS.VISIBILITY.type == 'public'}}{code}

  was:
Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable use 
of user attributes in filter expressions can help address a wider set of use 
cases, including the following: 
 # restrict users to see only records of the department they belong to: _dept = 
'${\{USER.dept}}'_ 
 # restrict users to see only records assigned to them: _assignee = 
'${\{USER._name}}'_ 

 

In addition, it will be useful to be able to refer user/tag attributes in 
condition expressions, as shown in following examples:
 # allow access only for full-time users: _${\{USER.employeeType == 
'full-time'}}_
 # allow access only if VISIBILITY tag has attribute type set to public: 
_${\{TAGS.VISIBILITY.type == 'public'}}_


> support for using user/tag attributes in row-filter expressions and conditions
> ------------------------------------------------------------------------------
>
>                 Key: RANGER-3550
>                 URL: https://issues.apache.org/jira/browse/RANGER-3550
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>
> Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable 
> use of user attributes in filter expressions can help address a wider set of 
> use cases, including the following: 
>  # restrict users to see only records of the department they belong to: 
> {code}dept = '${{USER.dept}}'{code} 
>  # restrict users to see only records assigned to them: {code}assignee = 
> '${{USER._name}}'{code} 
>  
> In addition, it will be useful to be able to refer user/tag attributes in 
> condition expressions, as shown in following examples:
>  # allow access only for full-time users: {code}${{USER.employeeType == 
> 'full-time'}}{code}
>  # allow access only if VISIBILITY tag has attribute type set to public: 
> {code}${{TAGS.VISIBILITY.type == 'public'}}{code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)