[ https://issues.apache.org/jira/browse/RANGER-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bolke de Bruin updated RANGER-2302:
-----------------------------------
    Attachment: 0001-RANGER-2302-Add-client-tags.patch

> Clients should be able to add tag information to access requests
> ----------------------------------------------------------------
>
>                 Key: RANGER-2302
>                 URL: https://issues.apache.org/jira/browse/RANGER-2302
>             Project: Ranger
>          Issue Type: Bug
>          Components: tagsync
>    Affects Versions: 1.2.0
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: tags
>         Attachments: 0001-RANGER-2302-Add-client-tags.patch
>
>
> Ranger currently assumes that clients are tag unaware. It, for example, syncs
> tag information with Atlas. This has several issues:
> # It assumes Ranger is the single source of truth connecting resource and
> tag information
> # As the tagsync is not happening in real time (either due to Kafka delay or due
> to caching), security issues can pop up. E.g. copying a file with PII info to a
> different location has a time window in which Ranger is unaware of the tag.
> If the client is tag aware, it could supply the tags that it knows of as part
> of the request. This ensures immediate availability and propagation of tags.
> A backward-compatible implementation could be to use
> KEY_USER_TAGS with a delimiter as part of the
> RangerAccessResource request and have RangerTagEnricher pick up these tags.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
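
The time window described in the issue, as a small Python model added here (not Ranger code and not part of the attached patch). `TagStore`, `effective_tags`, the comma delimiter and the union-only merge of synced and client-supplied tags are assumptions made for the illustration.

```python
# Toy model (constructed): a tag-based deny policy evaluated against a tag
# store that lags behind the catalog, with and without client-supplied tags.
from dataclasses import dataclass, field

DELIM = ","                 # assumed delimiter for the client tag string
DENY_TAGS = {"PII"}         # constructed policy: deny access to PII-tagged resources


@dataclass
class TagStore:
    """Stands in for the synced resource->tag mapping; sync() is the delayed update."""
    synced: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)

    def publish(self, resource, tags):
        self.pending[resource] = set(tags)   # known upstream, not yet synced

    def sync(self):
        self.synced.update(self.pending)
        self.pending.clear()


def parse_client_tags(raw):
    """Split the delimited tag string from the request; ignore empty entries."""
    return {t.strip() for t in (raw or "").split(DELIM) if t.strip()}


def effective_tags(store, resource, client_tags_raw=None):
    # Union only (assumption): client tags can add to the synced tags, never
    # remove them, so a client cannot drop a tag the store already knows about.
    return store.synced.get(resource, set()) | parse_client_tags(client_tags_raw)


def is_allowed(store, resource, client_tags_raw=None):
    return not (effective_tags(store, resource, client_tags_raw) & DENY_TAGS)


def demo():
    store = TagStore()
    store.publish("/data/customers.csv", {"PII"})
    store.sync()
    # The file is copied; the catalog knows the copy is PII, the store does not yet.
    store.publish("/tmp/copy.csv", {"PII"})
    in_window_unaware = is_allowed(store, "/tmp/copy.csv")            # stale view
    in_window_aware = is_allowed(store, "/tmp/copy.csv", "PII,finance")
    store.sync()
    after_sync = is_allowed(store, "/tmp/copy.csv")
    stripped = is_allowed(store, "/data/customers.csv", "")           # client sends no tags
    return in_window_unaware, in_window_aware, after_sync, stripped
```

`demo()` returns whether access is allowed in four cases: a tag-unaware request inside the sync window, a tag-aware request inside the window, a request after the sync, and a request for an already-tagged resource where the client supplies no tags.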