Re: Queries on the developement for a new custom plugin

2015-12-21 Thread Madhan Neethiraj
Aruna, >> If user "aruna" does any other action, other than submit-app on the resource >> "default". Then the audit log will show the result as "denied". In this >> case, should the policy id which is 656 be shown along with the "denied" >> result, or the id will be a blank field. Lets say the

Re: Queries on the developement for a new custom plugin

2015-12-17 Thread Madhan Neethiraj
Aruna, >> However, the policyId still shows blank. Is this the right behavior? Ranger populates policyId field in audit log only when that policy makes the authorization decision – either allow or deny. In this particular case, no policy explicitly allowed or denied the access. The end result

Re: Queries on the developement for a new custom plugin

2015-12-15 Thread Madhan Neethiraj
Aruna, >> 2nd case --> if a different user "it3" does a "submit-app" on the "default" >> queue, then the audit log shows the result as "denied". However, the policy >> id is blank, is this the right behavior? the isAccessAllowed returns “Denied" Since there was no policy that allowed the

Re: Queries on the developement for a new custom plugin

2015-12-14 Thread Aruna Sivaram
Bosco, Thanks for a very detailed explanation, it has given me a very good perspective on how ranger works/can be used. Our use case is that we plan to use apache ranger for authorization of a home grown application that is non hadoop in nature. As we are using ranger for the authorization for

Re: Queries on the developement for a new custom plugin

2015-12-11 Thread Don Bosco Durai
Aruna, can you give more detail on what you are trying to achieve? I was searching for integration design diagram, but couldn’t find one. We will work on creating one. In the meanwhile, here is the high level. Ranger plugins run within the component process. It gives a light java library, which

Re: Queries on the developement for a new custom plugin

2015-12-10 Thread Ramesh Mani
If you have created a CustomService, and if you want to authorize the access of components/resources in your CustomService, then you need to have default authorizer in your CustomService to do authorization, which you will extend in your Ranger custom plugin and will be called when your

Re: Queries on the developement for a new custom plugin

2015-12-10 Thread Ramesh Mani
Please find the answer below. From: Aruna Sivaram > Reply-To: "user@ranger.incubator.apache.org" > Date: Thursday, December

Queries on the developement for a new custom plugin

2015-12-09 Thread Aruna Sivaram
I am using ranger 0.5 for the access control. We are planning to develop a custom plugin which we plan to integrate with the ranger framework. This custom plugin will be used for access control of our components. In order to explore this possibility, i have written a custom plugin as per the