Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.5.3
-
None
-
None
Description
Integrating Open Policy Agent with Spark will enable fine-grained access control, compliance, and security policies with external data sources.
One way to do this is to leverage SparkSessionExtensions to add a check rule against the spark logical plan prior to its execution. By accessing the logical plan and extracting the user_id, we can determine the user, actions (read, write, etc.), and resources. With this, we can construct and send an OPA http request, allowing granular authorization.