Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-3676

tag-based policies don't recognize {OWNER} in users as resource owners

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0, 2.3.0
    • plugins
    • None

    Description

      Ranger policies allow setting up permissions for resource-owners by using {OWNER} as the username in policies. Currently this works only for resource-based policies, and not for tag-based policies. Recognizing {OWNER} in tag-based policies can help address wider authorization needs, like:

      tag:           SENSITIVE
      users:         {OWNER}, groups: [ data-admins ]
      permissions:   [ select ]
      isDenyAllElse: true

       

      Attachments

        1. RANGER-3676.patch
          5 kB
          Madhan Neethiraj

        Issue Links

          Activity

            People

              madhan Madhan Neethiraj
              madhan Madhan Neethiraj
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: