You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Mert Hocanin (Jira)" <ji...@apache.org> on 2020/04/07 17:11:00 UTC
[jira] [Comment Edited] (RANGER-2774) Enhance RangerBasePlugin to
be able to retrieve all policies for a user, and list of groups.
[ https://issues.apache.org/jira/browse/RANGER-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077422#comment-17077422 ]
Mert Hocanin edited comment on RANGER-2774 at 4/7/20, 5:10 PM:
---------------------------------------------------------------
My previous commit was written a while ago and the API's in RangerPolicyEngine was changed and the code no longer is applicable so I removed it. I have re-worked the code but would love to get some feedback on it before I go ahead and productionalize it. I have reviewed some of the Ranger Code base and looked for API's that do similar things but I was not able to find one. I will put it up on review board for the purposes of soliciting feedback. Essentially, the code is iterating through all the RangerPolicy's and obtaining all policies that match a user or group, and then asking the policy engine to validate if the particular user/group/resource is allowed, given the tag, deny, etc policies. I believe this achieves what we are looking for.
was (Author: mert_hoc):
My previous commit was written a while ago and the API's in RangerPolicyEngine was changed and the code no longer is applicable so I removed it. I have re-worked the code but would love to get some feedback on it before I go ahead and productionalize it. I have reviewed some of the Ranger Code base and looked for API's that do similar things but I was not able to find one. I will put it up on review board for the purposes of eliciting feedback. Essentially, the code is iterating through all the RangerPolicy's and obtaining all policies that match a user or group, and then asking the policy engine to validate if the particular user/group/resource is allowed, given the tag, deny, etc policies. I believe this achieves what we are looking for.
> Enhance RangerBasePlugin to be able to retrieve all policies for a user, and list of groups.
> --------------------------------------------------------------------------------------------
>
> Key: RANGER-2774
> URL: https://issues.apache.org/jira/browse/RANGER-2774
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Mert Hocanin
> Assignee: Mert Hocanin
> Priority: Minor
>
> Currently, the RangerBasePlugin has API's that given a RangerAccessRequest, it will return a RangerAccessResult which returns basically whether the access is grantable or not. However, there are certain use cases where a developer may want to pull all policies that a user and list of groups may have access to. One use case that we had in mind was to translate a policy from a calling user to another policy management system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)