Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-2302

Clients should be able to add tag information to access requests

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.0
    • Fix Version/s: None
    • Component/s: tagsync
    • Labels:
    • Flags:
      Patch

      Description

      Ranger currently assumes that clients are tag unaware. It, for example, syncs tag information with Atlas. This has several issues:

      1. It assumes Ranger is the single source of truth connecting resource and tag information
      2. As the tagsync is not happening realtime (either due to Kafka delay or due to caching) security issues can pop up. E.g. copy a file with PII info to different location has a time window that Ranger is unaware of the tag.

      If the client is tag aware it could supply the tags that it knows of as part of the request. This ensures immediate availability and propagation of tags.

      A backward compatible implementation could be to use KEY_USER_TAGS with a delimiter as part of the RangerAccessResource request and have RangerTagEnricher pick up these tags

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bolke Bolke de Bruin
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: