[
https://issues.apache.org/jira/browse/RANGER-5369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj reassigned RANGER-5369:
----------------------------------------
Assignee: Madhan Neethiraj
> policy engine support for service-managed ACLs
> ----------------------------------------------
>
> Key: RANGER-5369
> URL: https://issues.apache.org/jira/browse/RANGER-5369
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
>
> Apache Ranger policies are used to authorize access to data or resources in a
> wide variety applications including:
> * file systems/object stores: HDFS, Ozone
> * data analysis engines: Hive, Presto, Trino, Kudu, Kylin
> * streaming: Kafka, NiFi
> * document stores: Solr, Elasticsearch, HBase
> * metadata services: HMS, Atlas, Schema Registry
> * API endpoints: Knox
> * key management: KMS
> * vendor supported: AWS S3, ADLS-Gen2, GCS, Snowflake, Postgres, MySQL,
> MS-SQL, Oracle, Vertica, AI inference service, and more
> Services having native capability to manage ACLs (like HDFS) might require
> authorization to honor service-managed (i.e., native) ACLs along with grants
> managed in Apache Ranger. This is curently supported in HDFS authorizer,
> where the authorizer plugin defers to HDFS native authorizer when there is no
> Ranger policy to authorize the access.
> Having Ranger authorization library support the notion of service-managed
> ACLs can help services leverage both service-managed ACLs and Ranger policies
> to authorize accesses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
