You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Liam Sargent (JIRA)" <ji...@apache.org> on 2018/03/26 19:12:00 UTC
[jira] [Updated] (SENTRY-2189) Static Attribute Ingestion
[ https://issues.apache.org/jira/browse/SENTRY-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Liam Sargent updated SENTRY-2189:
---------------------------------
Issue Type: New Feature (was: Bug)
> Static Attribute Ingestion
> --------------------------
>
> Key: SENTRY-2189
> URL: https://issues.apache.org/jira/browse/SENTRY-2189
> Project: Sentry
> Issue Type: New Feature
> Reporter: Liam Sargent
> Assignee: Liam Sargent
> Priority: Major
> Labels: ABAC
>
> Static (file-based) attribute provider for Sentry ABAC.
> Attributes are string "tags" used to define a feature of the data which may require additional access control steps for security and compliance.
> Since Sentry already provides role-based access control, we must be able to define actions to take on data objects based on attribute/role combinations.
> For instance, a column marked with the attribute "Sensitive Data" may be visible to someone with "ROLE_ADMIN", but needs to be NULLed for someone with the the role "SALES", etc. This relationship can be modeled and effectively leveraged at query time with a specialized Bidirectional map object providing low latency lookup between Attribute/Role and Object/Action, and vice versa.
> Attribute/Role->Object/Action definitions will be provided as a JSON object, or as JSON delta updates to existing definitions. This implementation will parse the definitions into the specialized Java object to provide near-O(1) lookup from Attribute/Role -> Object/Action, and from Object -> Attribute/Role associations.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)