Madhan Neethiraj created RANGER-2829:
----------------------------------------
Summary: support to specify super-users/groups and
audit-exclude-users/groups via plugin config
Key: RANGER-2829
URL: https://issues.apache.org/jira/browse/RANGER-2829
Project: Ranger
Issue Type: Improvement
Components: plugins
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
Updates in RANGER-785 added APIs for Ranger plugin implementations to specify
list of users/groups for whom all access should be allowed without requiring
explicit policies. This is useful for services like HBase, Kafka which have the
notion of super users/groups. In addition, updates in RANGER-2780 added APIs to
specify list of users/groups/roles for whom audit logs are to be skipped.
The plugin implementation need to explicitly call these APIs to specify list of
super users/groups, and audit-exclude users/groups/roles. Enhancing
RangerBasePlugin to read such users/groups/roles list from plugin configuration
will help avoid each implementation to call these APIs.
For example, with the following configurations in
{{ranger-kafka-security.xml}}, Kafka plugin should allow all accesses to user
{{kafka}}, and not generate audit logs for accesses from user {{kafka}}:
{noformat}
ranger.plugin.kafka.super.users=kafka
ranger.plugin.kafka.audit.exclude.users=kafka{noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
