Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1302

Support FILENAME and BASE_FILENAME tokens for HDFS plugin

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.7.0
    • 0.7.0
    • plugins
    • None

    Description

      Use case:
      It should be possible to allow access only to files directly under the directory (say, "/data/oracle") , and not to files under subdirectories of it (such as "/data/oracle/PII"). This cannot be done using wildcards, such as "/data/oracle/*", because it allows access recursively to all files under "/data/oracle/" including those under its subdirectories.

      As Ranger supports tokens (introduced by RANGER-698), a Ranger policy for ("/data/oracle/

      {FILENAME}

      ) will meet this need, if FILENAME token holds the value of file being accessed. Moreover, a more specific policy such as "/data/oracle/

      {BASE_FILENAME}

      .txt" can match only files with ".txt" extension, where "." is used to demarcate extension from base filename.

      Attachments

        Activity

          People

            abhayk Abhay Kulkarni
            abhayk Abhay Kulkarni
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 72h
                72h
                Remaining:
                Remaining Estimate - 72h
                72h
                Logged:
                Time Spent - Not Specified
                Not Specified