Madhan Neethiraj created RANGER-4117:
----------------------------------------
Summary: service-def option to include expression condition
implictly
Key: RANGER-4117
URL: https://issues.apache.org/jira/browse/RANGER-4117
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
Ranger policies support condition expressions that enable users to setup
access-control/masking/row-filter based on various criteria including
user/group/tag attributes. To use such expressions in policies, service-defs
need to be updated to add following condition-def:
{code:java}
"conditions: [
{
"name": "expression",
"evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
"label": "Enter boolean expression",
"description": "Boolean expression"
}
] {code}
Instead of requiring updates to every service-def, it will help to implicitly
include above in all service-def. However, it should be possible for a
service-def to opt out of this, via service-def option.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
