[
https://issues.apache.org/jira/browse/RANGER-3997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-3997:
-------------------------------------
Description:
Consider following row-filter expression that refers to a user attribute:
{code:java}
dept = ${{USER.dept}}{code}
For this expression to evaluate correctly, all users who run query on the table
should have an attribute named dept. To handle users for whom this attribute is
not defined, an additional policy-item would be required, as shown below:
{noformat}
1. "condition": "!HAS_USER_ATTR('dept')", "filterExpr": "dept = -1"
2. "filterExpr": "dept = ${{USER.dept}}"{noformat}
Ability to use a default value when the attribute doesn't exist will eliminate
the need for the additional policy item, like:
{noformat}
"filterExpr": "dept = ${{GET_USER_ATTR('dept', -1)}}{noformat}
Added following macros to support optional default value:
- GET_TAG_NAMES(), GET_TAG_NAMES('none')
was:
Consider following row-filter expression that refers to a user attribute:
{code:java}
dept = ${{USER.dept}}{code}
For this expression to evaluate correctly, all users who run query on the table
should have an attribute named dept. To handle users for whom this attribute is
not defined, an additional policy-item would be required, as shown below:
{noformat}
1. "condition": "!HAS_USER_ATTR('dept')", "filterExpr": "dept = -1"
2. "filterExpr": "dept = ${{USER.dept}}"{noformat}
Ability to use a default value when the attribute doesn't exist will eliminate
the need for the additional policy item, like:
{noformat}
"filterExpr": "dept = ${{GET_USER_ATTR('dept', -1)}}{noformat}
> option to use default value when user/group/tag does not have the attribute
> ---------------------------------------------------------------------------
>
> Key: RANGER-3997
> URL: https://issues.apache.org/jira/browse/RANGER-3997
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.4.0
>
> Attachments: RANGER-3997.patch
>
>
> Consider following row-filter expression that refers to a user attribute:
> {code:java}
> dept = ${{USER.dept}}{code}
>
> For this expression to evaluate correctly, all users who run query on the
> table should have an attribute named dept. To handle users for whom this
> attribute is not defined, an additional policy-item would be required, as
> shown below:
> {noformat}
> 1. "condition": "!HAS_USER_ATTR('dept')", "filterExpr": "dept = -1"
>
> 2. "filterExpr": "dept = ${{USER.dept}}"{noformat}
>
> Ability to use a default value when the attribute doesn't exist will
> eliminate the need for the additional policy item, like:
> {noformat}
> "filterExpr": "dept = ${{GET_USER_ATTR('dept', -1)}}{noformat}
>
> Added following macros to support optional default value:
>
> - GET_TAG_NAMES(), GET_TAG_NAMES('none')
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
