You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Barbara Eckman via Review Board <no...@reviews.apache.org> on 2022/07/13 23:02:45 UTC
Review Request 74057: Plugin for Fine-grained Access Control over nested structures
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74057/
-----------------------------------------------------------
Review request for ranger.
Repository: ranger
Description
-------
It would be nice to be able to do fine-grained access control (FGA) over nested structures, e.g., the JSON responses of API calls. This requires the individual attributes in a JSON object to be first-class metadata objects which can be tagged and on which policies can be written. We have built a plugin and the corresponding Apache Atlas metadata structures and tagsync-mapper to support TBAC/RBAC/ABAC FGA over JSON structures. Our instigating use case was FGA over the JSON responses of API calls, but this plugin has potential value anywhere FGA over the individual attributes of nested structures is needed, eg JSON messages read from Kafka topics.
Diffs
-----
plugin-nestedstructure/CONTRIBUTING PRE-CREATION
plugin-nestedstructure/LICENSE PRE-CREATION
plugin-nestedstructure/NOTICE PRE-CREATION
plugin-nestedstructure/README.md PRE-CREATION
plugin-nestedstructure/conf/log4j.properties PRE-CREATION
plugin-nestedstructure/conf/nestedstructure_servicedef.json PRE-CREATION
plugin-nestedstructure/conf/ranger-nestedstructure-audit.xml PRE-CREATION
plugin-nestedstructure/conf/ranger-nestedstructure-policymgr-ssl.xml PRE-CREATION
plugin-nestedstructure/conf/ranger-nestedstructure-security.xml PRE-CREATION
plugin-nestedstructure/pom.xml PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/AccessResult.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/DataMasker.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/ExampleClient.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/FieldLevelAccess.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/JsonManipulator.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/MaskTypes.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/MaskingException.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAccessType.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAuthorizer.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructure_Resource.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructure_Service.java PRE-CREATION
plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/RecordFilterJavaScript.java PRE-CREATION
plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestDataMasker.java PRE-CREATION
plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestJsonManipulator.java PRE-CREATION
plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java PRE-CREATION
pom.xml 0945f4b1d
tagsync/src/main/java/org/apache/ranger/tagsync/nestedstructureplugin/AtlasNestedStructureResourceMapper.java PRE-CREATION
tagsync/src/test/java/org/apache/ranger/tagsync/nestedstructureplugin/ResourceTests.java PRE-CREATION
Diff: https://reviews.apache.org/r/74057/diff/1/
Testing
-------
Thanks,
Barbara Eckman