I'm looking for suggestions on how best to implement this scenario.
1. User1 creates a table in their database. This should trigger the
automatic creation of a Ranger policy granting User1 full access to the table.
2. User1 transfers ownership of the table to User2. The Ranger policy is
u
ist of REST APIs for managing services and policies. It is possible to
use either policy-id or service-name and policy-name to update existing policy.
Also, you may want to look at applyPolicy() API which may be suitable for your
use case.
Thanks,
-Abhay
From: Eric Alton mailto:sultanape
Our Ranger plugin does not support column level access policies, but we want to
support column masking. I've been playing around with the servicedef file, and
can not get column to only appear in the masking policies. Is there a way to do
this?
(top level) resources: schema is a parent of tabl
in the masking policies?
Are you using out of the box Hive Ranger Plugin? Or is it a custom Ranger
plugin?
Bosco
From: Eric Alton
Reply-To:
Date: Tuesday, June 26, 2018 at 2:14 PM
To: "user@ranger.apache.org"
Subject: Can the resource 'column' only exist in the masking
code and see where you are getting
the error.
Madhan or Ramesh who are more familiar with the code might have more insights.
Bosco
From: Eric Alton
Reply-To:
Date: Tuesday, June 26, 2018 at 7:18 PM
To: "user@ranger.apache.org"
Subject: Re: Can the resource 'column'
expect the
user to have atleast “select” access to the column in order for the column
masking to be evaluated for that user.
So that means column level resource authorization checks has to bypassed and
go to data masking policy evaluation. I strongly feel that we are looking for
some
atever is entered in the column’s field. After you get everything
working, we should be able to update Ranger to make this field optional or
non-visible.
Bosco
From: Eric Alton
Reply-To:
Date: Wednesday, June 27, 2018 at 2:08 PM
To: "user@ranger.apache.org"
Subject: Re: Can the r
We have a custom Ranger plugin that requires the Ranger admin user (ie
amb_ranger_admin) exist when the plugin is enabled. If a built-in service
plugin such as Hive is enabled prior to our custom plugin, this user will be
created in Ranger automatically. If the user does not exist, we provide
i