Apache Ranger’s pluggable architecture allows centralized authoring of authorization policies and access audits for Hadoop and non-Hadoop components. The authorization policy model is designed to capture and express the complex authorization needs of each component.
In this session, we will present two more key enhancements made to the policy model in the next release to make it richer and to support the advanced authorization needs of contemporary enterprise security infrastructure.
• The Ranger service definition is enhanced to support specifying the accesses allowed on a given resource. This specification is then used to present only valid accesses when authoring a policy targeted at that resource.
• The Ranger policy model is enhanced to support time-based policies that temporarily grant or deny access to a resource during a specified time window. The time specification supports a time zone, which is enforced based on the time zone of the component where the Ranger plugin runs.
We will conclude with a demonstration of these new capabilities.