Madhan Neethiraj created RANGER-5369:
----------------------------------------
Summary: policy engine support for service-managed ACLs
Key: RANGER-5369
URL: https://issues.apache.org/jira/browse/RANGER-5369
Project: Ranger
Issue Type: Improvement
Components: plugins
Reporter: Madhan Neethiraj
Apache Ranger policies are used to authorize access to data or resources in a
wide variety applications including:
* file systems/object stores: HDFS, Ozone
* data analysis engines: Hive, Presto, Trino, Kudu, Kylin
* streaming: Kafka, NiFi
* document stores: Solr, Elasticsearch, HBase
* metadata services: HMS, Atlas, Schema Registry
* API endpoints: Knox
* key management: KMS
* vendor supported: AWS S3, ADLS-Gen2, GCS, Snowflake, Postgres, MySQL,
MS-SQL, Oracle, Vertica, AI inference service, and more
Services having native capability to manage ACLs (like HDFS) might require
authorization to honor service-managed (i.e., native) ACLs along with grants
managed in Apache Ranger. This is curently supported in HDFS authorizer, where
the authorizer plugin defers to HDFS native authorizer when there is no Ranger
policy to authorize the access.
Having Ranger authorization library support the notion of service-managed ACLs
can help services leverage both service-managed ACLs and Ranger policies to
authorize accesses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
