[
https://issues.apache.org/jira/browse/RANGER-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15467911#comment-15467911
]
Don Bosco Durai commented on RANGER-406:
----------------------------------------
Interesting feedback. You should look in to Ranger Dynamic Policies. It helps
extending the default behavior and so provides ability to enrich the context
information from different sources (e.g. IP lookup). Your asynchronous action
can be easily implemented with Dynamic Policies.
For others, we will have to look into case by case. E.g. in HBase, we could
potentially alter the write request, but in Hive/Spark, the data might be
loaded by offline mechanism.
> Policy manager should support a way to just ask for auditability instead of
> access (and auditability).
> ------------------------------------------------------------------------------------------------------
>
> Key: RANGER-406
> URL: https://issues.apache.org/jira/browse/RANGER-406
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Alok Lal
>
> For some cases like Hbase where superusers are exempt from access validation
> getting a lightweight way to just check for auditability would be beneficial
> and performant.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
