Created 04-24-2019 12:14 PM
Hi there! I'm try to deploy Apache Ranger ranger-tagsync module without Apache Atlas.
I'm enable option "TAG_SOURCE_FILE_ENABLED = true" but can't understand the way of creating needed tags.json file.
In my plan, my own deamon will simply generate this file for tagging hive-columns giving tag-based policies opportunity masking this columns for usergroups.
Mostly i'am follow next article:
but it's a problem to create working file-prototype.
I'am need worked examples of this file or Atlas REST output with same actions.
Thank you.
Created 06-26-2019 12:17 PM
For the futures.
Far along time i'm create correct view of tagsync source json file.
Work example of HIVE-service tagfile
At this example, database "default" , table "personal data", column "address" mark with PII tag; database "default" , table "personal data", column "phone" mark with PAD tag :
{ "op": "add_or_update", "serviceName": "AUTH_HIVE", "tagVersion": 3, "tagDefinitions": { "1":{"id":1, "guid":"tagdef-1", "name":"PAD", "attributeDefs":[], "owner":0}, "2":{"id":2, "guid":"tagdef-2", "name":"PII", "attributeDefs":[], "owner":0} }, "tags": { "1": { "type": "PAD", "attributes": {}, "id": 1, "guid": "tag-pad-1-guid" }, "2": { "type": "PII", "attributes": {}, "id": 2, "guid": "tag-pii-2-guid" } }, "serviceResources": [ { "serviceName": "AUTH_HIVE", "resourceElements": { "database": { "values": [ "default" ] }, "table": { "values": [ "personal_data" ] }, "column": { "values": [ "address" ] } }, "id": 1, "guid": "employee.personal.address-guid" }, { "serviceName": "AUTH_HIVE", "resourceElements": { "database": { "values": [ "default" ] }, "table": { "values": [ "personal_data" ] }, "column": { "values": [ "phone" ] } }, "id": 2, "guid": "employee.personal.phone-guid" } ], "resourceToTagIds": { "1": [ 1 ], "2": [ 2 ] } }
Work example for HBASE-service
hbase table "weblog" with column-family "user_profile" is hiding :
{ "op": "add_or_update", "serviceName": "AUTH_HBASE", "tagVersion": 3, "tagDefinitions": { "1":{"id":1, "guid":"tagdef-hb1", "name":"PII", "attributeDefs":[], "owner":0} }, "tags": { "1": { "type": "PII", "attributes": {}, "id": 1, "guid": "tag-pii-hb1-guid" } }, "serviceResources": [ { "serviceName": "AUTH_HBASE", "resourceElements": { "table": { "values": [ "default:weblog" ] }, "column-family": { "values": [ "user_profile" ] } }, "id": 1, "guid": "weblog.user.profile-guid" } ], "resourceToTagIds": { "1": [ 1 ] } }
Ask your questions
Created 04-29-2019 12:21 AM
@Konstantin Tsypin Your message was misposted in the Community Help track previously. That track is for questions and answers about how to use the community website. Your question was moived to the Security track on Sun Apr 28 2019.
Created 06-26-2019 12:17 PM
For the futures.
Far along time i'm create correct view of tagsync source json file.
Work example of HIVE-service tagfile
At this example, database "default" , table "personal data", column "address" mark with PII tag; database "default" , table "personal data", column "phone" mark with PAD tag :
{ "op": "add_or_update", "serviceName": "AUTH_HIVE", "tagVersion": 3, "tagDefinitions": { "1":{"id":1, "guid":"tagdef-1", "name":"PAD", "attributeDefs":[], "owner":0}, "2":{"id":2, "guid":"tagdef-2", "name":"PII", "attributeDefs":[], "owner":0} }, "tags": { "1": { "type": "PAD", "attributes": {}, "id": 1, "guid": "tag-pad-1-guid" }, "2": { "type": "PII", "attributes": {}, "id": 2, "guid": "tag-pii-2-guid" } }, "serviceResources": [ { "serviceName": "AUTH_HIVE", "resourceElements": { "database": { "values": [ "default" ] }, "table": { "values": [ "personal_data" ] }, "column": { "values": [ "address" ] } }, "id": 1, "guid": "employee.personal.address-guid" }, { "serviceName": "AUTH_HIVE", "resourceElements": { "database": { "values": [ "default" ] }, "table": { "values": [ "personal_data" ] }, "column": { "values": [ "phone" ] } }, "id": 2, "guid": "employee.personal.phone-guid" } ], "resourceToTagIds": { "1": [ 1 ], "2": [ 2 ] } }
Work example for HBASE-service
hbase table "weblog" with column-family "user_profile" is hiding :
{ "op": "add_or_update", "serviceName": "AUTH_HBASE", "tagVersion": 3, "tagDefinitions": { "1":{"id":1, "guid":"tagdef-hb1", "name":"PII", "attributeDefs":[], "owner":0} }, "tags": { "1": { "type": "PII", "attributes": {}, "id": 1, "guid": "tag-pii-hb1-guid" } }, "serviceResources": [ { "serviceName": "AUTH_HBASE", "resourceElements": { "table": { "values": [ "default:weblog" ] }, "column-family": { "values": [ "user_profile" ] } }, "id": 1, "guid": "weblog.user.profile-guid" } ], "resourceToTagIds": { "1": [ 1 ] } }
Ask your questions