[
https://issues.apache.org/jira/browse/RANGER-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bolke de Bruin updated RANGER-2302:
-----------------------------------
Attachment: 0001-RANGER-2302-Add-client-tags.patch
> Clients should be able to add tag information to access requests
> ----------------------------------------------------------------
>
> Key: RANGER-2302
> URL: https://issues.apache.org/jira/browse/RANGER-2302
> Project: Ranger
> Issue Type: Bug
> Components: tagsync
> Affects Versions: 1.2.0
> Reporter: Bolke de Bruin
> Priority: Major
> Labels: tags
> Attachments: 0001-RANGER-2302-Add-client-tags.patch
>
>
> Ranger currently assumes that clients are tag unaware. It, for example, syncs
> tag information with Atlas. This has several issues:
> # It assumes Ranger is the single source of truth connecting resource and
> tag information
> # As the tagsync is not happening realtime (either due to Kafka delay or due
> to caching) security issues can pop up. E.g. copy a file with PII info to
> different location has a time window that Ranger is unaware of the tag.
> If the client is tag aware it could supply the tags that it knows of as part
> of the request. This ensures immediate availability and propagation of tags.
> A backward compatible implementation could be to use
> {color:#9876aa}KEY_USER_TAGS {color}with a delimiter as part of the
> RangerAccessResource request and have RangerTagEnricher pick up these tags
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
