Hello, If I make an access request to a Ranger plugin with a user specified in the request, but no groups, can the plugin lookup the groups for said user? This assumes that an identity service is syncing users and group membership to Ranger (we do this with AD) and that users and groups are synced from Ranger to the service plugin (I'm not sure if this happens). Is this a supported capability, and what if anything must I do do enable it?
The problem I am trying to solve is that I have group based policies, but the origin service does not currently have any group information in the request principal, only a user id. I could of course build functionality to look this up but if feels like something that Ranger is probably doing anyway. Thanks, Elliot.
