[
https://issues.apache.org/jira/browse/RANGER-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077422#comment-17077422
]
Mert Hocanin edited comment on RANGER-2774 at 4/7/20, 5:10 PM:
---------------------------------------------------------------
My previous commit was written a while ago and the API's in RangerPolicyEngine
was changed and the code no longer is applicable so I removed it. I have
re-worked the code but would love to get some feedback on it before I go ahead
and productionalize it. I have reviewed some of the Ranger Code base and looked
for API's that do similar things but I was not able to find one. I will put it
up on review board for the purposes of soliciting feedback. Essentially, the
code is iterating through all the RangerPolicy's and obtaining all policies
that match a user or group, and then asking the policy engine to validate if
the particular user/group/resource is allowed, given the tag, deny, etc
policies. I believe this achieves what we are looking for.
was (Author: mert_hoc):
My previous commit was written a while ago and the API's in RangerPolicyEngine
was changed and the code no longer is applicable so I removed it. I have
re-worked the code but would love to get some feedback on it before I go ahead
and productionalize it. I have reviewed some of the Ranger Code base and looked
for API's that do similar things but I was not able to find one. I will put it
up on review board for the purposes of eliciting feedback. Essentially, the
code is iterating through all the RangerPolicy's and obtaining all policies
that match a user or group, and then asking the policy engine to validate if
the particular user/group/resource is allowed, given the tag, deny, etc
policies. I believe this achieves what we are looking for.
> Enhance RangerBasePlugin to be able to retrieve all policies for a user, and
> list of groups.
> --------------------------------------------------------------------------------------------
>
> Key: RANGER-2774
> URL: https://issues.apache.org/jira/browse/RANGER-2774
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Mert Hocanin
> Assignee: Mert Hocanin
> Priority: Minor
>
> Currently, the RangerBasePlugin has API's that given a RangerAccessRequest,
> it will return a RangerAccessResult which returns basically whether the
> access is grantable or not. However, there are certain use cases where a
> developer may want to pull all policies that a user and list of groups may
> have access to. One use case that we had in mind was to translate a policy
> from a calling user to another policy management system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
