[ https://issues.apache.org/jira/browse/RANGER-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077422#comment-17077422 ]
Mert Hocanin edited comment on RANGER-2774 at 4/7/20, 5:10 PM: --------------------------------------------------------------- My previous commit was written a while ago and the API's in RangerPolicyEngine was changed and the code no longer is applicable so I removed it. I have re-worked the code but would love to get some feedback on it before I go ahead and productionalize it. I have reviewed some of the Ranger Code base and looked for API's that do similar things but I was not able to find one. I will put it up on review board for the purposes of soliciting feedback. Essentially, the code is iterating through all the RangerPolicy's and obtaining all policies that match a user or group, and then asking the policy engine to validate if the particular user/group/resource is allowed, given the tag, deny, etc policies. I believe this achieves what we are looking for. was (Author: mert_hoc): My previous commit was written a while ago and the API's in RangerPolicyEngine was changed and the code no longer is applicable so I removed it. I have re-worked the code but would love to get some feedback on it before I go ahead and productionalize it. I have reviewed some of the Ranger Code base and looked for API's that do similar things but I was not able to find one. I will put it up on review board for the purposes of eliciting feedback. Essentially, the code is iterating through all the RangerPolicy's and obtaining all policies that match a user or group, and then asking the policy engine to validate if the particular user/group/resource is allowed, given the tag, deny, etc policies. I believe this achieves what we are looking for. > Enhance RangerBasePlugin to be able to retrieve all policies for a user, and > list of groups. > -------------------------------------------------------------------------------------------- > > Key: RANGER-2774 > URL: https://issues.apache.org/jira/browse/RANGER-2774 > Project: Ranger > Issue Type: New Feature > Components: Ranger > Reporter: Mert Hocanin > Assignee: Mert Hocanin > Priority: Minor > > Currently, the RangerBasePlugin has API's that given a RangerAccessRequest, > it will return a RangerAccessResult which returns basically whether the > access is grantable or not. However, there are certain use cases where a > developer may want to pull all policies that a user and list of groups may > have access to. One use case that we had in mind was to translate a policy > from a calling user to another policy management system. -- This message was sent by Atlassian Jira (v8.3.4#803005)