Hello, can anyone give me any insights on this? On Wed, 5 May 2021 at 10:30, Elliot West <tea...@gmail.com> wrote:
> Hello, > > If I make an access request to a Ranger plugin with a user specified in > the request, but no groups, can the plugin lookup the groups for said user? > This assumes that an identity service is syncing users and group membership > to Ranger (we do this with AD) and that users and groups are synced from > Ranger to the service plugin (I'm not sure if this happens). Is this a > supported capability, and what if anything must I do do enable it? > > The problem I am trying to solve is that I have group based policies, but > the origin service does not currently have any group information in the > request principal, only a user id. I could of course build functionality to > look this up but if feels like something that Ranger is probably doing > anyway. > > Thanks, > > Elliot. > > >
