----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74057/ -----------------------------------------------------------
(Updated Aug. 12, 2022, 5:58 p.m.) Review request for ranger and Madhan Neethiraj. Repository: ranger Description ------- It would be nice to be able to do fine-grained access control (FGA) over nested structures, e.g., the JSON responses of API calls. This requires the individual attributes in a JSON object to be first-class metadata objects which can be tagged and on which policies can be written. We have built a plugin and the corresponding Apache Atlas metadata structures and tagsync-mapper to support TBAC/RBAC/ABAC FGA over JSON structures. Our instigating use case was FGA over the JSON responses of API calls, but this plugin has potential value anywhere FGA over the individual attributes of nested structures is needed, eg JSON messages read from Kafka topics. Diffs (updated) ----- plugin-nestedstructure/NOTICE 8772a4fba plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/AccessResult.java bf4a32501 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/DataMasker.java f630799b0 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/FieldLevelAccess.java 0d27d36ec plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/JsonManipulator.java 57030f277 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/MaskTypes.java 6464cfc06 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/MaskingException.java 316973db7 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureAccessType.java 92f099051 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureAuthorizer.java bd2f509e7 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureResource.java ff4706519 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureService.java 15b6f21c9 plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java 77767767c plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/ExampleClient.java af32aff99 tagsync/src/main/java/org/apache/ranger/tagsync/nestedstructureplugin/AtlasNestedStructureResourceMapper.java 71dd70b7f tagsync/src/test/java/org/apache/ranger/tagsync/nestedstructureplugin/ResourceTests.java 05ca49e82 Diff: https://reviews.apache.org/r/74057/diff/5/ Changes: https://reviews.apache.org/r/74057/diff/4-5/ Testing ------- File Attachments (updated) ---------------- 0001-patch-with-edits-based-on-OS-review.patch https://reviews.apache.org/media/uploaded/files/2022/07/26/9d048baa-1968-4201-b213-1b807ed02587__0001-patch-with-edits-based-on-OS-review.patch original patch https://reviews.apache.org/media/uploaded/files/2022/07/27/5d6d9df2-b661-4d03-bba3-3f08cb26c32e__3809-plugin-nestedstructure-RANGER-3828-with-tagsync-Atla.patch RANGER-3828-3.patch https://reviews.apache.org/media/uploaded/files/2022/07/28/6367376f-0582-450c-a1e5-e61d982b5ff2__RANGER-3828-3.patch RANGER-3828-4.patch https://reviews.apache.org/media/uploaded/files/2022/08/11/f4f107af-b79e-4c9e-a406-24881e4107ca__RANGER-3828-4.patch 0001-updated-license-header.patch https://reviews.apache.org/media/uploaded/files/2022/08/12/e9d41650-3562-40cd-829f-589dc3083d5f__0001-updated-license-header.patch Thanks, Barbara Eckman
