Edward Zhang created RANGER-699:
-----------------------------------

             Summary: higher level policy API to hide complexity of policy update/create/delete
                 Key: RANGER-699
                 URL: https://issues.apache.org/jira/browse/RANGER-699
             Project: Ranger
          Issue Type: Improvement
          Components: admin
    Affects Versions: 0.6.0
            Reporter: Edward Zhang
             Fix For: 0.6.0


Ranger has a very good fine-grained policy API with which users can define 
access control rules for any resource. But sometimes it is not a human being 
but third-party tools that use the Ranger policy API to temporarily block or 
unblock a user. The third-party tool just wants to simply tell Ranger "please 
block/unblock this user from accessing resource A", and the third-party tool 
is not able to analyze complicated scenarios such as the following:
1. Exactly the same rule already exists for resource A
2. The current rules for resource A include the new rule implicitly
3. There are no rules for resource A

If it's an admin operating the policy, the admin can analyze policy semantics 
and will figure out whether to create a new policy or update an existing policy. 

To better support integration from third-party tools, Ranger can provide a 
higher-level API which accepts requests like "block user access to one resource" 
and internally figures out what policy to create/update.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
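
The decision the issue asks Ranger to make internally, sketched as an added example that is not part of the original report and is not Ranger code. The `Policy` model (one resource pattern plus a set of denied users), glob matching via `fnmatchcase`, and the names `plan_block` and `apply_block` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


# Simplified, hypothetical policy model (NOT Ranger's real schema):
# one resource pattern per policy plus the set of users it denies.
@dataclass
class Policy:
    id: int
    resource: str  # exact path or glob pattern such as "/logs/*"
    deny_users: set = field(default_factory=set)


def plan_block(policies, user, resource):
    """Decide what 'block `user` on `resource`' requires.

    Returns (action, policy_id) where action is one of:
      "noop-exact"   - scenario 1: the same rule already exists
      "noop-implied" - scenario 2: a broader rule already covers it
      "update"       - a policy for the resource exists but lacks the user
      "create"       - scenario 3: no rule for the resource at all
    """
    exact = [p for p in policies if p.resource == resource]
    for p in exact:
        if user in p.deny_users:
            return ("noop-exact", p.id)
    for p in policies:
        covers = p.resource != resource and fnmatchcase(resource, p.resource)
        if covers and user in p.deny_users:
            return ("noop-implied", p.id)
    if exact:
        return ("update", exact[0].id)
    return ("create", None)


def apply_block(policies, user, resource):
    """Apply the plan in place; repeating the same request is a no-op."""
    action, pid = plan_block(policies, user, resource)
    if action == "update":
        next(p for p in policies if p.id == pid).deny_users.add(user)
    elif action == "create":
        pid = max((p.id for p in policies), default=0) + 1
        policies.append(Policy(pid, resource, {user}))
    return action, pid


# Constructed sample state: one broad deny rule and one rule for /data/a.
SAMPLE = [Policy(1, "/logs/*", {"bob"}), Policy(2, "/data/a", {"carol"})]
```

Unblock is not the mirror image of this: when the block is only implied by a broader policy, removing the user from that policy would unblock more than resource A.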
