[jira] [Updated] (RANGER-3828) Fine-grained Access Control over nested structures

Wed, 13 Jul 2022 15:55:06 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-3828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Barbara Eckman updated RANGER-3828:
-----------------------------------
    Description: 
It would be nice to be able to do fine-grained access control (FGA) over nested 
structures, e.g., the JSON responses of API calls.  This requires the 
individual attributes in a JSON object to be first-class metadata objects which 
can be tagged and on which policies can be written.  We have built a plugin and 
the corresponding Apache Atlas metadata structures and tagsync-mapper to 
support TBAC/RBAC/ABAC FGA over JSON structures.   Our instigating use case was 
FGA over the JSON responses of API calls, but this plugin has potential value 
anywhere FGA over the individual attributes of nested structures is needed, eg 
JSON messages read from Kafka topics.

 

  was:
It would be nice to be able to do fine-grained access control (FGA) over nested 
structures, e.g., the JSON responses of API calls.  This requires the 
individual attributes in a JSON object to be first-class metadata objects which 
can be tagged and on which policies can be written.  We have built a plugin and 
the corresponding Apache Atlas metadata structures and tagsync-mapper to 
support TBAC/RBAC/ABAC FGA over JSON structures.   Our instigating use case was 
FGA over the JSON responses of API calls, but this plugin has potential value 
anywhere FGA over the individual attributes of nested structures is needed, eg 
JSON messages read from Kafka topics.

*patch is coming soon* 


> Fine-grained Access Control over nested structures
> --------------------------------------------------
>
>                 Key: RANGER-3828
>                 URL: https://issues.apache.org/jira/browse/RANGER-3828
>             Project: Ranger
>          Issue Type: New Feature
>          Components: plugins, Ranger
>            Reporter: Barbara Eckman
>            Priority: Major
>
> It would be nice to be able to do fine-grained access control (FGA) over 
> nested structures, e.g., the JSON responses of API calls.  This requires the 
> individual attributes in a JSON object to be first-class metadata objects 
> which can be tagged and on which policies can be written.  We have built a 
> plugin and the corresponding Apache Atlas metadata structures and 
> tagsync-mapper to support TBAC/RBAC/ABAC FGA over JSON structures.   Our 
> instigating use case was FGA over the JSON responses of API calls, but this 
> plugin has potential value anywhere FGA over the individual attributes of 
> nested structures is needed, eg JSON messages read from Kafka topics.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to