[ https://issues.apache.org/jira/browse/RANGER-698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15465769#comment-15465769 ]
Abhay Kulkarni commented on RANGER-698: --------------------------------------- [~bganesan] At present, the only "variable" supported in policy-resource-specification of a ranger-policy is "{USER}". However, the design is generic so that a sophisticated user of ranger can easily add and reference any other custom "variable" by 1. assigning suitable value to the variable and populating access-request-context with it by providing a custom request-enricher, and 2. writing a policy whose policy-resource specification refers to this variable. Of course, the user-name of any containing policy-item for such policy should be "{USER}". Thanks! CC [~mad...@apache.org] [~bosco] [~sneethiraj] > Ranger policy should support variables like $user > ------------------------------------------------- > > Key: RANGER-698 > URL: https://issues.apache.org/jira/browse/RANGER-698 > Project: Ranger > Issue Type: Improvement > Affects Versions: 0.7.0 > Reporter: Don Bosco Durai > Assignee: Abhay Kulkarni > Fix For: 0.7.0 > > > It would be good to support variables in resources and users. > E.g. > HDFS Resource = /home/$user > or > Table Resource = ${user}_* > Users allowed = $user > Where $user will be expanded to the current user. > I think, resource substitution will be easy. For permission, we can use key > word like we use for all users group="public". We can use key word like > "USER" or something like that. -- This message was sent by Atlassian JIRA (v6.3.4#6332)