All, Tag-based policies feature implementation is now merged in Apache Ranger master branch (from tag-policy branch). Going forward, any updates to tag-based policies implementation will be done the master and no updates are expected in tag-policy branch.
This feature is a significant addition to Apache Ranger, which enables separation of resource-classification and access authorization roles. This feature empowers security administrators to use a single policy to control access to resources across various Hadoop components. The implementation also includes integration with Apache Atlas<http://atlas.incubator.apache.org>, a data governance and metadata framework for Hadoop, which supports classification of resources and other feature like lineage. Here are documents for the features added to master with this merge: * Tag-based policies<https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies> * Tag Synchronizer<https://cwiki.apache.org/confluence/display/RANGER/Tag+Synchronizer+Installation+and+Configuration> * Deny conditions<https://cwiki.apache.org/confluence/display/RANGER/Deny-conditions+and+excludes+in+Ranger+policies> * Geo-location based policies<https://cwiki.apache.org/confluence/display/RANGER/Geo-location+based+policies> It took a very dedicated set of Rangers – Abhay, Gautam, Bosco, Balaji, Selva, Vel, Alok, Ramesh, Erik, Tom, and more – to make this happen! Go Rangers!! Thanks, Madhan
