Madhan Neethiraj created RANGER-2232:
----------------------------------------

             Summary: Security Zones feature in Apache Ranger
                 Key: RANGER-2232
                 URL: https://issues.apache.org/jira/browse/RANGER-2232
             Project: Ranger
          Issue Type: New Feature
          Components: admin
            Reporter: Madhan Neethiraj


This is to introduce a new abstraction in Apache Ranger that would allow 
carving/bucketing of resources in a service into multiple zones, for better 
administration of security policies. This would enable multiple administrators 
to set up security policies for a service – based on the zones to which they 
have been granted administration rights. 

For example, let us consider 2 security zones ‘finance’ and ‘sales’:
 - Security zone ‘finance’ includes all contents in the Hive database named ‘finance’
 - Security zone ‘sales’ includes all contents in the ‘sales’ database
 - A set of users and groups is designated as administrators of each zone
 - Users are allowed to set up policies only in zones in which they are administrators
 - Policies defined in a zone are applicable only for resources of the zone
 - A zone can be extended to include resources from multiple services like HDFS, Hive, HBase, Kafka, ..., allowing administrators of a zone to set up policies for resources owned by their organization across multiple services.
 - Audit logs will include the name of the zone in which the accessed resource resides. Only users having appropriate permissions on the security zone can view its audit logs.

Attached document has more details on various aspects of Security Zones.



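The zone rules listed in the issue, modelled as an added example that is not part of the original issue and is not Ranger code. The class names, the prefix-based resource matching, and the users alice, bob and carol are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    name: str
    admins: set       # users allowed to set up policies in this zone
    auditors: set     # users allowed to view this zone's audit logs
    resources: dict   # service name -> set of resource prefixes in the zone

@dataclass
class ZoneStore:
    zones: list
    policies: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def zone_of(self, service, resource):
        """Return the zone covering the resource, or None if it is unzoned."""
        for z in self.zones:
            for prefix in z.resources.get(service, ()):
                # Match on a path boundary so 'finance_archive' is not 'finance'.
                if resource == prefix or resource.startswith(prefix + "/"):
                    return z
        return None

    def add_policy(self, user, service, resource, grantee, access):
        z = self.zone_of(service, resource)
        if z is None or user not in z.admins:
            raise PermissionError(f"{user} cannot administer {service}:{resource}")
        self.policies.append((z.name, service, resource, grantee, access))

    def check_access(self, user, service, resource, access):
        z = self.zone_of(service, resource)
        zname = z.name if z else None
        # A policy applies only inside the zone it was defined in.
        allowed = any(pz == zname and ps == service and pg == user and pa == access
                      and (resource == pr or resource.startswith(pr + "/"))
                      for pz, ps, pr, pg, pa in self.policies)
        self.audit.append({"zone": zname, "user": user, "service": service,
                           "resource": resource, "allowed": allowed})
        return allowed

    def view_audit(self, viewer):
        by_name = {z.name: z for z in self.zones}
        return [e for e in self.audit
                if e["zone"] in by_name and viewer in by_name[e["zone"]].auditors]

def demo_store():
    # Constructed sample zones: 'finance' spans two services, 'sales' one.
    finance = Zone("finance", {"alice"}, {"alice"},
                   {"hive": {"finance"}, "hdfs": {"/data/finance"}})
    sales = Zone("sales", {"bob"}, {"bob"}, {"hive": {"sales"}})
    return ZoneStore([finance, sales])
```
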