Madhan Neethiraj created RANGER-2829: ----------------------------------------
Summary: support to specify super-users/groups and audit-exclude-users/groups via plugin config Key: RANGER-2829 URL: https://issues.apache.org/jira/browse/RANGER-2829 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Madhan Neethiraj Assignee: Madhan Neethiraj Updates in RANGER-785 added APIs for Ranger plugin implementations to specify list of users/groups for whom all access should be allowed without requiring explicit policies. This is useful for services like HBase, Kafka which have the notion of super users/groups. In addition, updates in RANGER-2780 added APIs to specify list of users/groups/roles for whom audit logs are to be skipped. The plugin implementation need to explicitly call these APIs to specify list of super users/groups, and audit-exclude users/groups/roles. Enhancing RangerBasePlugin to read such users/groups/roles list from plugin configuration will help avoid each implementation to call these APIs. For example, with the following configurations in {{ranger-kafka-security.xml}}, Kafka plugin should allow all accesses to user {{kafka}}, and not generate audit logs for accesses from user {{kafka}}: {noformat} ranger.plugin.kafka.super.users=kafka ranger.plugin.kafka.audit.exclude.users=kafka{noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005)