I have a question regarding Policies: When creatin...
# all-things-deploymentb
brave-businessperson-3969
11/10/2021, 1:19 PMI have a question regarding Policies: When creating policies, one can define in the second screen ("Configure Privilieges") to which resources the policy should be applied to (field "Resoures"). How can I apply the policy e.g. to all tables of a certain DB? When trying to add resources I can add only individual tables. Is there any support of wildcards or another way to apply a policy to all datasets/tables within a schema/DB (without adding all tables one by one to the policy)?
b
big-carpet-38439
11/10/2021, 5:26 PM@brave-businessperson-3969 Currently, there are no "container predicates" inside the Policies. That being said, first-class modeling of containers (databases, schemas, collections) is on our roadmap, and once we've modeled them we will most likely extend the Policies subsystem to support defining predicates on these things
big-carpet-38439
11/10/2021, 5:27 PMWhat is the use case you are hoping to achieve? ie what privileges assigned to who? I'm wondering if there's an alternate approach we can use for now
b
brave-businessperson-3969
11/10/2021, 5:40 PMHello John, thanks for the quick response. The usecase is quite simple: we have a fairly large data warehouse with different schemata containing information from various parts of the company. A different team is responsible for each schema but within the schema the team is responsible for all aspects (documentation, data quality, data processing, etc.). We are tying to map this responsibility to the catalog so that each team have full edit permission for the data ingested from "their" schema but not for other schemas.
brave-businessperson-3969
11/10/2021, 5:43 PMThis is not a feature we need "tomorrow" but beeing able to manage permissions at schema level beginning of next year would be very nice. Do you have any estimate when the extended policies will be available?
b
big-carpet-38439
11/10/2021, 5:48 PMExtended policies will depend on the availability of databases, schemas, collections as first-class entities on DataHub. This represents Milestone 1 and I'd estimate this to be done by end of January 2022. Milestone 2 is using these containers as resource filters in Policies which I'd estimate another month on because there are competing priorities for a resource-constrained core team.
Of course, community contribution in this area has potential to speed up those timelines but as of now I have not heard of folks outside core team working towards it
b
brave-businessperson-3969
11/10/2021, 6:00 PMThe timeline is totally fine for us. Regarding community contributions: I assume one need to be quite familar with larger parts of the DataHub codebase to contribute to this feature?
2 Views