Posted to issues@sentry.apache.org by "Liam Sargent (JIRA)" <ji...@apache.org> on 2018/03/26 19:12:00 UTC

[jira] [Created] (SENTRY-2189) Static Attribute Ingestion

Liam Sargent created SENTRY-2189:
------------------------------------

             Summary: Static Attribute Ingestion
                 Key: SENTRY-2189
                 URL: https://issues.apache.org/jira/browse/SENTRY-2189
             Project: Sentry
          Issue Type: Bug
            Reporter: Liam Sargent
            Assignee: Liam Sargent


Static (file-based) attribute provider for Sentry ABAC.

Attributes are string "tags" used to define a feature of the data which may require additional access control steps for security and compliance.

Since Sentry already provides role-based access control, we must be able to define actions to take on data objects based on attribute/role combinations.

For instance, a column marked with the attribute "Sensitive Data" may be visible to someone with "ROLE_ADMIN", but needs to be NULLed for someone with the role "SALES", etc. This relationship can be modeled and effectively leveraged at query time with a specialized Bidirectional map object providing low latency lookup between Attribute/Role and Object/Action, and vice versa.

Attribute/Role->Object/Action definitions will be provided as a JSON object, or as JSON delta updates to existing definitions. This implementation will parse the definitions into the specialized Java object to provide near-O(1) lookup from Attribute/Role -> Object/Action, and from Object -> Attribute/Role associations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
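
The two-way lookup and JSON delta handling described in the ticket, as an added Python sketch; it is not code from the ticket or from Sentry, whose proposed implementation is a Java object. The JSON field names, the "op": "remove" marker, the SHOW/NULL action names and the object paths are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample definitions; the JSON field names and the action names
# SHOW/NULL are assumptions, not a schema taken from the ticket.
FULL = """{"definitions": [
  {"attribute": "Sensitive Data", "role": "ROLE_ADMIN", "object": "db.customers.ssn", "action": "SHOW"},
  {"attribute": "Sensitive Data", "role": "SALES", "object": "db.customers.ssn", "action": "NULL"}
]}"""
DELTA = """{"definitions": [
  {"op": "remove", "attribute": "Sensitive Data", "role": "SALES", "object": "db.customers.ssn"},
  {"attribute": "Sensitive Data", "role": "SALES", "object": "db.customers.email", "action": "NULL"}
]}"""


class AttributePolicyIndex:
    """Two dict indexes kept in step so both lookup directions are hash lookups."""

    def __init__(self):
        self._forward = defaultdict(dict)  # (attribute, role) -> {object: action}
        self._reverse = defaultdict(set)   # object -> {(attribute, role)}

    def apply(self, document):
        """Apply a full definition or a delta; every entry is validated before any change."""
        entries = json.loads(document)["definitions"]
        for e in entries:
            required = {"attribute", "role", "object"} | ({"action"} if e.get("op") != "remove" else set())
            if not required <= e.keys():
                raise ValueError(f"incomplete definition: {e}")
        for e in entries:
            key, obj = (e["attribute"], e["role"]), e["object"]
            if e.get("op") == "remove":
                self._forward[key].pop(obj, None)
                self._reverse[obj].discard(key)
            else:
                self._forward[key][obj] = e["action"]
                self._reverse[obj].add(key)

    def actions_for(self, attribute, role):
        """Attribute/Role -> {object: action}; an unknown pair yields an empty dict."""
        return dict(self._forward.get((attribute, role), {}))

    def associations_for(self, obj):
        """Object -> set of (attribute, role) pairs that have an action defined on it."""
        return set(self._reverse.get(obj, ()))


def build_index(*documents):
    """Build an index from a full definition followed by any number of deltas."""
    index = AttributePolicyIndex()
    for doc in documents:
        index.apply(doc)
    return index
```

Validating a whole document before touching either index keeps a malformed delta from leaving the forward and reverse maps out of step.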