You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramesh Mani (Jira)" <ji...@apache.org> on 2023/03/31 18:54:00 UTC
[jira] [Commented] (RANGER-4165) API to find whether a user/group is authorized to the give operation on any resource of give type
[ https://issues.apache.org/jira/browse/RANGER-4165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707395#comment-17707395 ]
Ramesh Mani commented on RANGER-4165:
-------------------------------------
[~madhan@apache.org] [~abhayk]
Currently policeEngine apis doesn't have a way to figure of this request. All we can do it run through all the polices and find all the resources of given type and run the authorizer for each of those resources found for the call. This may not be the efficient way to get the result.
Is there a better way to find this like having cache for resources in the policies and run through the policy engine?
> API to find whether a user/group is authorized to the give operation on any resource of give type
> -------------------------------------------------------------------------------------------------
>
> Key: RANGER-4165
> URL: https://issues.apache.org/jira/browse/RANGER-4165
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Priority: Major
>
> API to find whether a user/group is authorized to the give operation on any resource of give type.
> This is needed to implement a Ranger Kafka authorizer API which checks if the caller is authorized to perform the given ACL operation on at least one resource of the given type.
> https://kafka.apache.org/28/javadoc/org/apache/kafka/server/authorizer/Authorizer.html#authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext,org.apache.kafka.common.acl.AclOperation,org.apache.kafka.common.resource.ResourceType)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)