[
https://issues.apache.org/jira/browse/RANGER-698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15415663#comment-15415663
]
Madhan Neethiraj edited comment on RANGER-698 at 8/10/16 5:52 PM:
------------------------------------------------------------------
Support for variables in Ranger policy resource values can make it easy to
manage policies; in many cases can help use a single policy to manage access
permissions for a large number of resources. For example, following policies
can be used to set permissions for all home directories/user specific databases:
{code}
HDFS: path=/home/{user}/*; user={user}; permission=read,write,execute
Hive: database={user}_db; table=*; column=*; user={user}; permission=all
{code}
was (Author: madhan.neethiraj):
Support for variables in Ranger policy resource values can make it easy to
manage policies; in many cases can help use a single policy to manage access
permissions for multiple resources. For example, following policy can be used
to set permissions for all home directories: {code}path="/home/{user}/";
user="{user}"; permission=read,write,execute{code}
> Ranger policy should support variables like $user
> -------------------------------------------------
>
> Key: RANGER-698
> URL: https://issues.apache.org/jira/browse/RANGER-698
> Project: Ranger
> Issue Type: Improvement
> Reporter: Don Bosco Durai
> Fix For: 0.7.0
>
>
> It would be good to support variables in resources and users.
> E.g.
> HDFS Resource = /home/$user
> or
> Table Resource = ${user}_*
> Users allowed = $user
> Where $user will be expanded to the current user.
> I think, resource substitution will be easy. For permission, we can use key
> word like we use for all users group="public". We can use key word like
> "USER" or something like that.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
