[ https://issues.apache.org/jira/browse/RANGER-1999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Madhan Neethiraj updated RANGER-1999:
-------------------------------------
    Attachment: RANGER-1999.patch

> Policy evaluation to support multiple values for accessed resource
> ------------------------------------------------------------------
>
>                 Key: RANGER-1999
>                 URL: https://issues.apache.org/jira/browse/RANGER-1999
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>         Attachments: RANGER-1999.patch
>
>
> While evaluating access requests, Ranger policy engine picks policies based
> on the resource value specified in the access request. Currently
> access-resource abstraction only supports a single value for each
> resource-type - like database/table/column. Authorization of access to some
> resources might require the policy engine to pick policies based on multiple
> values for a resource.
> For example, consider access authorization for an entity in Apache Atlas. An
> entity has a specific-type and a number of super-types - example:
> type=database super-types=[dataset, asset]. While authorizing access to a
> database entity, policies specified for its super-types, dataset and asset,
> should also be evaluated.
> To enable such use cases, Ranger policy evaluation needs to be enhanced to
> support a list of values for a resource. Policies that match for any of the
> given values should be evaluated to determine the access result. Note that
> this enhancement doesn't require any updates to the policy model; the changes
> are needed only in the policy-engine.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
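
The selection rule described in the issue, as an added Python sketch that is not part of the original message and is not Ranger's code. The `Policy` class, the function names, the sample policies, the wildcard matching and the deny-wins rule are assumptions made for illustration; the sketch shows that matching only on the single value `database` misses both an allow and a deny policy written for the super-types.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Policy:                      # hypothetical model, not a Ranger class
    name: str
    entity_types: tuple            # values (or wildcards) the policy resource matches
    users: frozenset
    accesses: frozenset
    effect: str = "allow"          # "allow" or "deny"


def as_values(value):
    """Normalise a resource value: a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def matching_policies(policies, resource_values):
    """Pick every policy whose resource matches ANY of the given values."""
    values = as_values(resource_values)
    return [p for p in policies
            if any(fnmatchcase(v, pat) for v in values for pat in p.entity_types)]


def is_allowed(policies, user, access, resource_values):
    """Evaluate the picked policies; in this sketch a matching deny wins."""
    picked = [p for p in matching_policies(policies, resource_values)
              if user in p.users and access in p.accesses]
    if any(p.effect == "deny" for p in picked):
        return False
    return any(p.effect == "allow" for p in picked)


# Constructed sample policies (users and names are made up).
POLICIES = [
    Policy("db-admins", ("database",), frozenset({"alice"}),
           frozenset({"read", "update"})),
    Policy("asset-readers", ("asset",), frozenset({"bob"}), frozenset({"read"})),
    Policy("dataset-lockdown", ("dataset",), frozenset({"alice"}),
           frozenset({"update"}), "deny"),
]

# The entity from the issue text: type=database, super-types=[dataset, asset].
ENTITY_VALUES = ["database", "dataset", "asset"]
```

With the single value, `bob` is refused a read that the `asset` policy grants and `alice` keeps an update that the `dataset` deny policy should block; with the value list both results flip.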