Hi, I would like to ask a question regarding Ranger behaviors.
With Ranger in picture, every time a user creates a resource (for example, a Hive table), (In this case, the user is the owner of that table and expects to have full access to that table) is the Ranger plugin supposed to create a policy automatically allowing the user to have access to that table? or is the Ranger administrator expected to manually create a policy to allow the access for that user ? What is the best practice here? I am asking this question because we are implementing a Ranger plugin with our own project within my company. We are having a hard time deciding if we need to implement the part which automatically creates a policy for newly created resources. I guess I am asking the Ranger philosophy here since Ranger is supposed to be the security control center. But If a new policy gets created every time, there would be a huge number of policies on Ranger side and performance would be affected by the number. But if Ranger doesn't create new policies automatically for newly created resources, users would not be able to access the resources that they just created and would be confused. And the control would be more strict and it would be more difficult for the ranger admin to manage multiple users. I would appreciate it for any advice! Thanks!
