You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Liam Sargent (JIRA)" <ji...@apache.org> on 2018/03/26 19:12:00 UTC
[jira] [Created] (SENTRY-2189) Static Attribute Ingestion
Liam Sargent created SENTRY-2189:
------------------------------------
Summary: Static Attribute Ingestion
Key: SENTRY-2189
URL: https://issues.apache.org/jira/browse/SENTRY-2189
Project: Sentry
Issue Type: Bug
Reporter: Liam Sargent
Assignee: Liam Sargent
Static (file-based) attribute provider for Sentry ABAC.
Attributes are string "tags" used to define a feature of the data which may require additional access control steps for security and compliance.
Since Sentry already provides role-based access control, we must be able to define actions to take on data objects based on attribute/role combinations.
For instance, a column marked with the attribute "Sensitive Data" may be visible to someone with "ROLE_ADMIN", but needs to be NULLed for someone with the the role "SALES", etc. This relationship can be modeled and effectively leveraged at query time with a specialized Bidirectional map object providing low latency lookup between Attribute/Role and Object/Action, and vice versa.
Attribute/Role->Object/Action definitions will be provided as a JSON object, or as JSON delta updates to existing definitions. This implementation will parse the definitions into the specialized Java object to provide near-O(1) lookup from Attribute/Role -> Object/Action, and from Object -> Attribute/Role associations.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)