[
https://issues.apache.org/jira/browse/RANGER-1234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15706076#comment-15706076
]
Nigel Jones commented on RANGER-1234:
-------------------------------------
I did notice also when reading through the docs it's a little tricky to figure
out how the post-result filtering is done without looking through the code.
Forgive the newbie questions ;-) From the policy engine code it looks as if we
have preProcess(), isAccessAllowed - makes sense, but then the caller needs to
make the actual data request (if allowed), and then - at least in hive (maybe
that's a bad example) there's a little more complexity to filer the results - I
can see evalDataMaskPolicies() and evalRowFilterPolicies() & assume those would
be what to call within a new plugin? Is my understanding correct? I think it's
here perhaps we could generalize & also allow for additional plugins??
> Post-evaluation phase user extensions
> -------------------------------------
>
> Key: RANGER-1234
> URL: https://issues.apache.org/jira/browse/RANGER-1234
> Project: Ranger
> Issue Type: Improvement
> Reporter: Nigel Jones
>
> As per
> https://cwiki.apache.org/confluence/display/RANGER/Dynamic+Policy+Hooks+in+Ranger+-+Configure+and+Use
> we have the ability to add
> - content enricher
> - condition evaluator
> user extensions to a ranger plugin.
> However the third phase -- post evaluation -- could also lend itself to user
> extension such as additional user defined filtering of resultant data sets
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
