Review Request 74057: Plugin for Fine-grained Access Control over nested structures

[Barbara Eckman via Review Board <no...@reviews.apache.org>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74057/
-----------------------------------------------------------

Review request for ranger.


Repository: ranger


Description
-------

It would be nice to be able to do fine-grained access control (FGA) over nested structures, e.g., the JSON responses of API calls.  This requires the individual attributes in a JSON object to be first-class metadata objects which can be tagged and on which policies can be written.  We have built a plugin and the corresponding Apache Atlas metadata structures and tagsync-mapper to support TBAC/RBAC/ABAC FGA over JSON structures.   Our instigating use case was FGA over the JSON responses of API calls, but this plugin has potential value anywhere FGA over the individual attributes of nested structures is needed, eg JSON messages read from Kafka topics.


Diffs
-----

  plugin-nestedstructure/CONTRIBUTING PRE-CREATION 
  plugin-nestedstructure/LICENSE PRE-CREATION 
  plugin-nestedstructure/NOTICE PRE-CREATION 
  plugin-nestedstructure/README.md PRE-CREATION 
  plugin-nestedstructure/conf/log4j.properties PRE-CREATION 
  plugin-nestedstructure/conf/nestedstructure_servicedef.json PRE-CREATION 
  plugin-nestedstructure/conf/ranger-nestedstructure-audit.xml PRE-CREATION 
  plugin-nestedstructure/conf/ranger-nestedstructure-policymgr-ssl.xml PRE-CREATION 
  plugin-nestedstructure/conf/ranger-nestedstructure-security.xml PRE-CREATION 
  plugin-nestedstructure/pom.xml PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/AccessResult.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/DataMasker.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/ExampleClient.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/FieldLevelAccess.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/JsonManipulator.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/MaskTypes.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/MaskingException.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAccessType.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAuthorizer.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructure_Resource.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructure_Service.java PRE-CREATION 
  plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/RecordFilterJavaScript.java PRE-CREATION 
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestDataMasker.java PRE-CREATION 
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestJsonManipulator.java PRE-CREATION 
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java PRE-CREATION 
  pom.xml 0945f4b1d 
  tagsync/src/main/java/org/apache/ranger/tagsync/nestedstructureplugin/AtlasNestedStructureResourceMapper.java PRE-CREATION 
  tagsync/src/test/java/org/apache/ranger/tagsync/nestedstructureplugin/ResourceTests.java PRE-CREATION 


Diff: https://reviews.apache.org/r/74057/diff/1/


Testing
-------


Thanks,

Barbara Eckman