Details
-
Sub-task
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
2.1.0
-
None
-
None
Description
Static (file-based) attribute provider for Sentry ABAC.
Attributes are string "tags" used to define a feature of the data which may require additional access control steps for security and compliance.
Since Sentry already provides role-based access control, we must be able to define actions to take on data objects based on attribute/role combinations.
This relationship can be modeled and effectively leveraged at query time with a specialized bidirectional map object providing low latency lookup between Attribute and Object, and vice versa.
Attribute->Object definitions will be provided as a JSON object, or as JSON delta updates to existing definitions. This implementation will parse the definitions into the specialized Java object to provide near-O(1) lookup from Attribute-> Object, and from Object -> Attribute associations.