APIs to create, update, and delete policies

2017-08-09 Thread Eric Alton
I'm looking for suggestions on how best to implement this scenario. 1. User1 creates a table in their database. This should trigger the automatic creation of a Ranger policy granting User1 full access to the table. 2. User1 transfers ownership of the table to User2. The Ranger policy is u

Re: APIs to create, update, and delete policies

2017-08-18 Thread Eric Alton
ist of REST APIs for managing services and policies. It is possible to use either policy-id or service-name and policy-name to update existing policy. Also, you may want to look at applyPolicy() API which may be suitable for your use case. Thanks, -Abhay From: Eric Alton mailto:sultanape

Can the resource 'column' only exist in the masking policies?

2018-06-26 Thread Eric Alton
Our Ranger plugin does not support column level access policies, but we want to support column masking. I've been playing around with the servicedef file, and cannot get column to only appear in the masking policies. Is there a way to do this? (top level) resources: schema is a parent of tabl

Re: Can the resource 'column' only exist in the masking policies?

2018-06-26 Thread Eric Alton
in the masking policies? Are you using out of the box Hive Ranger Plugin? Or is it a custom Ranger plugin? Bosco From: Eric Alton Reply-To: Date: Tuesday, June 26, 2018 at 2:14 PM To: "user@ranger.apache.org" Subject: Can the resource 'column' only exist in the masking

Re: Can the resource 'column' only exist in the masking policies?

2018-06-27 Thread Eric Alton
code and see where you are getting the error. Madhan or Ramesh who are more familiar with the code might have more insights. Bosco From: Eric Alton Reply-To: Date: Tuesday, June 26, 2018 at 7:18 PM To: "user@ranger.apache.org" Subject: Re: Can the resource 'column'

Re: Can the resource 'column' only exist in the masking policies?

2018-06-27 Thread Eric Alton
expect the user to have at least “select” access to the column in order for the column masking to be evaluated for that user. So that means column level resource authorization checks have to be bypassed and go to data masking policy evaluation. I strongly feel that we are looking for some

Re: Can the resource 'column' only exist in the masking policies?

2018-06-28 Thread Eric Alton
atever is entered in the column’s field. After you get everything working, we should be able to update Ranger to make this field optional or non-visible. Bosco From: Eric Alton Reply-To: Date: Wednesday, June 27, 2018 at 2:08 PM To: "user@ranger.apache.org" Subject: Re: Can the r

Is there a Ranger REST v2 API to create users?

2019-01-23 Thread Eric Alton
We have a custom Ranger plugin that requires the Ranger admin user (i.e. amb_ranger_admin) exist when the plugin is enabled. If a built-in service plugin such as Hive is enabled prior to our custom plugin, this user will be created in Ranger automatically. If the user does not exist, we provide i