[jira] [Updated] (RANGER-4165) Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-4165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Madhan Neethiraj updated RANGER-4165: - Fix Version/s: 2.5.0 > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > --- > > Key: RANGER-4165 > URL: https://issues.apache.org/jira/browse/RANGER-4165 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Ramesh Mani >Assignee: Madhan Neethiraj >Priority: Major > Fix For: 3.0.0, 2.5.0 > > > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > * introduced resource-element matching scope SELF_OR_PREFIX, which can be > used to ask Ranger policy engine the following -- check if a user/group/role > has read access in any path/file under directory /dept/hr/ -- check if a > user/group/role has select access to any table having name that starts with > emp_ under database name hr > * moved SELF_OR_CHILD from enum resource-matching-scope to enum > resource-element-matching-scope > This is need to create an api which can find whether a user/group is > authorized to the given operation on any resource of give type. > This is needed to implement a Ranger Kafka authorizer API which checks if the > caller is authorized to perform the given ACL operation on at least one > resource of the given type. > [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4165) Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-4165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-4165: Description: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization * introduced resource-element matching scope SELF_OR_PREFIX, which can be used to ask Ranger policy engine the following -- check if a user/group/role has read access in any path/file under directory /dept/hr/ -- check if a user/group/role has select access to any table having name that starts with emp_ under database name hr * moved SELF_OR_CHILD from enum resource-matching-scope to enum resource-element-matching-scope This is need to create an api which can find whether a user/group is authorized to the given operation on any resource of give type. This is needed to implement a Ranger Kafka authorizer API which checks if the caller is authorized to perform the given ACL operation on at least one resource of the given type. [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) was: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization This is need to create an api which can find whether a user/group is authorized to the given operation on any resource of give type. This is needed to implement a Ranger Kafka authorizer API which checks if the caller is authorized to perform the given ACL operation on at least one resource of the given type. [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > --- > > Key: RANGER-4165 > URL: https://issues.apache.org/jira/browse/RANGER-4165 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Ramesh Mani >Assignee: Madhan Neethiraj >Priority: Major > > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > * introduced resource-element matching scope SELF_OR_PREFIX, which can be > used to ask Ranger policy engine the following -- check if a user/group/role > has read access in any path/file under directory /dept/hr/ -- check if a > user/group/role has select access to any table having name that starts with > emp_ under database name hr > * moved SELF_OR_CHILD from enum resource-matching-scope to enum > resource-element-matching-scope > This is need to create an api which can find whether a user/group is > authorized to the given operation on any resource of give type. > This is needed to implement a Ranger Kafka authorizer API which checks if the > caller is authorized to perform the given ACL operation on at least one > resource of the given type. > [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4165) Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-4165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-4165: Description: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization This is need to create an api which can find whether a user/group is authorized to the given operation on any resource of give type. This is needed to implement a Ranger Kafka authorizer API which checks if the caller is authorized to perform the given ACL operation on at least one resource of the given type. [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) was: API to find whether a user/group is authorized to the given operation on any resource of give type. This is needed to implement a Ranger Kafka authorizer API which checks if the caller is authorized to perform the given ACL operation on at least one resource of the given type. [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > --- > > Key: RANGER-4165 > URL: https://issues.apache.org/jira/browse/RANGER-4165 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > This is need to create an api which can find whether a user/group is > authorized to the given operation on any resource of give type. > This is needed to implement a Ranger Kafka authorizer API which checks if the > caller is authorized to perform the given ACL operation on at least one > resource of the given type. > [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4165) Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-4165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-4165: Summary: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization (was: API to find whether a user/group is authorized to the given operation on any resource of give type) > Support SELF_OR_PREFIX resource matching scope in Ranger Authorization > --- > > Key: RANGER-4165 > URL: https://issues.apache.org/jira/browse/RANGER-4165 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > API to find whether a user/group is authorized to the given operation on any > resource of give type. > This is needed to implement a Ranger Kafka authorizer API which checks if the > caller is authorized to perform the given ACL operation on at least one > resource of the given type. > [https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType]) -- This message was sent by Atlassian Jira (v8.20.10#820010)
