Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-873

Ranger Policy model to support data masking

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.6.0
    • admin
    • None

    Description

      Ability to mask sensitive data based on user, group and other criteria is one of the often asked features. This JIRA is to track update to Ranger policy model and policy engine to support mask features.

      Attachments

        Issue Links

          Activity

            madhan Madhan Neethiraj added a comment - - edited

            Review board URL: https://reviews.apache.org/r/45072/

            The attached patch implements the following:

            • Added RangerDataMaskDef to RangerServiceDef, to capture details of the datamask types supported in the service.
            • Added policyType = POLICY_TYPE_DATAMASK, to capture type of datamak to apply for given users/groups/conditions.
            • Added evalDataMaskPolicies() method to policy-engine to evaluate datamask policies and return type of datamask to apply for the given user and resource.
            madhan Madhan Neethiraj added a comment - - edited Review board URL: https://reviews.apache.org/r/45072/ The attached patch implements the following: Added RangerDataMaskDef to RangerServiceDef, to capture details of the datamask types supported in the service. Added policyType = POLICY_TYPE_DATAMASK, to capture type of datamak to apply for given users/groups/conditions. Added evalDataMaskPolicies() method to policy-engine to evaluate datamask policies and return type of datamask to apply for the given user and resource.
            rangerqa rangerqa added a comment -

            -1 overall. Here are the results of testing the latest attachment
            http://issues.apache.org/jira/secure/attachment/12794332/0001-RANGER-873-Ranger-policy-model-to-support-data-maski.patch
            against master revision 7e42940.

            -1 patch. master compilation may be broken.

            Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/113//console

            This message is automatically generated.

            rangerqa rangerqa added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12794332/0001-RANGER-873-Ranger-policy-model-to-support-data-maski.patch against master revision 7e42940. -1 patch . master compilation may be broken. Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/113//console This message is automatically generated.
            rangerqa rangerqa added a comment -

            -1 overall. Here are the results of testing the latest attachment
            http://issues.apache.org/jira/secure/attachment/12795505/0001-RANGER-873-recently-added-RangerDataMaskDef-is-marke.patch
            against master revision e156625.

            +1 @author. The patch does not contain any @author tags.

            -1 tests included. The patch doesn't appear to include any new or modified tests.
            Please justify why no new tests are needed for this patch.
            Also please list what manual steps were performed to verify this patch.

            +1 javac. The applied patch does not increase the total number of javac compiler warnings.

            +1 javadoc. There were no new javadoc warning messages.

            +1 checkstyle. The patch generated 0 code style errors.

            +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

            +1 release audit. The applied patch does not increase the total number of release audit warnings.

            +1 core tests. The patch passed unit tests in .

            Test results: https://builds.apache.org/job/PreCommit-RANGER-Build/126//testReport/
            Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/126//console

            This message is automatically generated.

            rangerqa rangerqa added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12795505/0001-RANGER-873-recently-added-RangerDataMaskDef-is-marke.patch against master revision e156625. +1 @author . The patch does not contain any @author tags. -1 tests included . The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 checkstyle. The patch generated 0 code style errors. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-RANGER-Build/126//testReport/ Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/126//console This message is automatically generated.
            madhan Madhan Neethiraj added a comment - - edited

            Updated the policy model further to support different resource-match options across access-policies and damask-policies i.e. no wildcard match for datamask-policies.

            Updated hive servicedef with dataMaskDef details.

            Updated unit tests

            Review board URL: https://reviews.apache.org/r/45517/

            madhan Madhan Neethiraj added a comment - - edited Updated the policy model further to support different resource-match options across access-policies and damask-policies i.e. no wildcard match for datamask-policies. Updated hive servicedef with dataMaskDef details. Updated unit tests Review board URL: https://reviews.apache.org/r/45517/
            rangerqa rangerqa added a comment -

            -1 overall. Here are the results of testing the latest attachment
            http://issues.apache.org/jira/secure/attachment/12796216/0001-RANGER-873-Ranger-policy-model-update-to-support-dat.patch
            against master revision 9264dd0.

            +1 @author. The patch does not contain any @author tags.

            +1 tests included. The patch appears to include 3 new or modified test files.

            +1 javac. The applied patch does not increase the total number of javac compiler warnings.

            +1 javadoc. There were no new javadoc warning messages.

            +1 checkstyle. The patch generated 0 code style errors.

            +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

            +1 release audit. The applied patch does not increase the total number of release audit warnings.

            -1 core tests. The test build failed in

            Test results: https://builds.apache.org/job/PreCommit-RANGER-Build/133//testReport/
            Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/133//console

            This message is automatically generated.

            rangerqa rangerqa added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12796216/0001-RANGER-873-Ranger-policy-model-update-to-support-dat.patch against master revision 9264dd0. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 3 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 checkstyle. The patch generated 0 code style errors. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The test build failed in Test results: https://builds.apache.org/job/PreCommit-RANGER-Build/133//testReport/ Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/133//console This message is automatically generated.
            madhan Madhan Neethiraj added a comment - Policy model enhancements to support dataMasking are committed to master: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d242dd6e http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/760fbdba http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/164d46fd
            • removed unused imports, that were added in the previous commit
            • added field RangerDataMaskTypeDef.transformer
            madhan Madhan Neethiraj added a comment - removed unused imports, that were added in the previous commit added field RangerDataMaskTypeDef.transformer

            People

              madhan Madhan Neethiraj
              madhan Madhan Neethiraj
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: