You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Pradeep Agrawal (Jira)" <ji...@apache.org> on 2021/12/29 10:38:00 UTC
[jira] [Commented] (RANGER-3550) support for using user/tag attributes in row-filter expressions and conditions
[ https://issues.apache.org/jira/browse/RANGER-3550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466397#comment-17466397 ]
Pradeep Agrawal commented on RANGER-3550:
-----------------------------------------
[~madhan] : Please close the RR [https://reviews.apache.org/r/73759/]
> support for using user/tag attributes in row-filter expressions and conditions
> ------------------------------------------------------------------------------
>
> Key: RANGER-3550
> URL: https://issues.apache.org/jira/browse/RANGER-3550
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Enhancing row-filtering (introduced in Ranger 0.6.0 - RANGER-908) to enable use of user attributes in filter expressions can help address a wider set of use cases, including the following:
> # restrict users to see only records of the department they belong to:
> {code:java}
> dept = '${{USER.dept}}'{code}
> # restrict users to see only records assigned to them:
> {code:java}
> assignee = '${{USER._name}}'{code}
>
> In addition, it will be useful to be able to refer user/tag attributes in condition expressions, as shown in following examples:
> # allow access only for full-time users:
> {code:java}
> ${{USER.employeeType == 'full-time'}}{code}
> # allow access only if VISIBILITY tag has attribute type set to public:
> {code:java}
> ${{TAGS.VISIBILITY.level == 'public'}}{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)