Description
Ranger policies allow setting up permissions for resource-owners by using {OWNER} as the username in policies. Currently this works only for resource-based policies, and not for tag-based policies. Recognizing {OWNER} in tag-based policies can help address wider authorization needs, like:
tag: SENSITIVE users: {OWNER}, groups: [ data-admins ] permissions: [ select ] isDenyAllElse: true
Attachments
Attachments
Issue Links
- links to