You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geode.apache.org by Nilkanth Patel <ni...@gmail.com> on 2018/03/01 11:06:21 UTC

Row-Level security with key as a regex

Hi Team,

I am exploring row-level security with Geode and observed that exact key
has to be provided in security configuration (for example:
DATA:READ:MyRegion:*system*).

Is there any way to provide Key as a regex (*admin*) ..?  I want to achieve
row-level security on all keys containing *system* as a sub-string.
Providing each key in security-config is very cumbersome.

-Nilkanth.

Re: Row-Level security with key as a regex

Posted by Nilkanth Patel <ni...@gmail.com>.

Jens, Thanks for your reply, now i get this.
As you said, implementing the required authorization behavior in
SecurityManager.authorize() callback is way to go.

Thanks,
Nilkanth.

On Thu, Mar 1, 2018 at 7:32 PM, Jens Deppe <je...@apache.org> wrote:

> Hi Nilkanth,
>
> It's basically up to the provided SecurityManager how to handle the
> ResourcePermission passed into it.
>
> So in your implementation could be as simple as:
>
>     if (rp.getKey() != null && rp.getKey().contains("system") {...}
>
> Are you perhaps looking at a specific SecurityManager implementation?
>
> --Jens
>
> On Thu, Mar 1, 2018 at 3:06 AM, Nilkanth Patel <ni...@gmail.com>
> wrote:
>
> > Hi Team,
> >
> > I am exploring row-level security with Geode and observed that exact key
> > has to be provided in security configuration (for example:
> > DATA:READ:MyRegion:*system*).
> >
> > Is there any way to provide Key as a regex (*admin*) ..?  I want to
> achieve
> > row-level security on all keys containing *system* as a sub-string.
> > Providing each key in security-config is very cumbersome.
> >
> > -Nilkanth.
> >
>

Re: Row-Level security with key as a regex

Posted by Jens Deppe <je...@apache.org>.

Hi Nilkanth,

It's basically up to the provided SecurityManager how to handle the
ResourcePermission passed into it.

So in your implementation could be as simple as:

    if (rp.getKey() != null && rp.getKey().contains("system") {...}

Are you perhaps looking at a specific SecurityManager implementation?

--Jens

On Thu, Mar 1, 2018 at 3:06 AM, Nilkanth Patel <ni...@gmail.com>
wrote:

> Hi Team,
>
> I am exploring row-level security with Geode and observed that exact key
> has to be provided in security configuration (for example:
> DATA:READ:MyRegion:*system*).
>
> Is there any way to provide Key as a regex (*admin*) ..?  I want to achieve
> row-level security on all keys containing *system* as a sub-string.
> Providing each key in security-config is very cumbersome.
>
> -Nilkanth.
>