[ https://issues.apache.org/jira/browse/RANGER-4165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707414#comment-17707414 ]
Madhan Neethiraj commented on RANGER-4165: ------------------------------------------ {quote}This is needed to implement a Ranger Kafka authorizer API which checks if the caller is authorized to perform the given ACL operation on at least one resource of the given type. {quote} [~rmani] - as you called out, there is no way to ask the policy-engine to find if a given user has specific access on _any_ resource of a given type. For example, find if user1 has WRITE access on _any_ TOPIC. This will require special provision to represent *_any_* TOPIC. One option to consider is to use a value like '**' to represent _*any*_ resource, similar to {{{}RangerAbstractResourceMatcher.WILDCARD_ASTERISK{}}}. And have resource matcher implementations updated to handle this special case. > API to find whether a user/group is authorized to the give operation on any > resource of give type > ------------------------------------------------------------------------------------------------- > > Key: RANGER-4165 > URL: https://issues.apache.org/jira/browse/RANGER-4165 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Affects Versions: 3.0.0 > Reporter: Ramesh Mani > Assignee: Ramesh Mani > Priority: Major > > API to find whether a user/group is authorized to the give operation on any > resource of give type. > This is needed to implement a Ranger Kafka authorizer API which checks if the > caller is authorized to perform the given ACL operation on at least one > resource of the given type. > https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType) -- This message was sent by Atlassian Jira (v8.20.10#820010)