[
https://issues.apache.org/jira/browse/RANGER-3550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-3550:
-------------------------------------
Description:
Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable use
of user attributes in filter expressions can help address a wider set of use
cases, including the following:
# restrict users to see only records of the department they belong to:
{code:java}
dept = '${{USER.dept}}'{code}
# restrict users to see only records assigned to them:
{code:java}
assignee = '${{USER._name}}'{code}
In addition, it will be useful to be able to refer user/tag attributes in
condition expressions, as shown in following examples:
# allow access only for full-time users:
{code:java}
${{USER.employeeType == 'full-time'}}{code}
# allow access only if VISIBILITY tag has attribute type set to public:
{code:java}
${{TAGS.VISIBILITY.type == 'public'}}{code}
was:
Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable use
of user attributes in filter expressions can help address a wider set of use
cases, including the following:
# restrict users to see only records of the department they belong to:
{code}dept = '${{USER.dept}}'{code}
# restrict users to see only records assigned to them: {code}assignee =
'${{USER._name}}'{code}
In addition, it will be useful to be able to refer user/tag attributes in
condition expressions, as shown in following examples:
# allow access only for full-time users: {code}${{USER.employeeType ==
'full-time'}}{code}
# allow access only if VISIBILITY tag has attribute type set to public:
{code}${{TAGS.VISIBILITY.type == 'public'}}{code}
> support for using user/tag attributes in row-filter expressions and conditions
> ------------------------------------------------------------------------------
>
> Key: RANGER-3550
> URL: https://issues.apache.org/jira/browse/RANGER-3550
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
>
> Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable
> use of user attributes in filter expressions can help address a wider set of
> use cases, including the following:
> # restrict users to see only records of the department they belong to:
> {code:java}
> dept = '${{USER.dept}}'{code}
> # restrict users to see only records assigned to them:
> {code:java}
> assignee = '${{USER._name}}'{code}
>
> In addition, it will be useful to be able to refer user/tag attributes in
> condition expressions, as shown in following examples:
> # allow access only for full-time users:
> {code:java}
> ${{USER.employeeType == 'full-time'}}{code}
> # allow access only if VISIBILITY tag has attribute type set to public:
> {code:java}
> ${{TAGS.VISIBILITY.type == 'public'}}{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
