Comment: added quick summary of gaianDB and ranger

This page introduces the GaianDB technology and explains how we will use it in the VDC project to enforce access to data. Any code and designs mentioned here do not form part of the Atlas project work per se, but they are driving additional capabilities in Atlas and demonstrating a real-world scenario for virtualization. It's also important to note that the frameworks we refer to below are open and pluggable.

What is Gaian?

GaianDB is an IBM-developed open source project that is available on GitHub. It is effectively a wrapper, with additional VTIs, around Apache Derby that supports highly distributed, loosely coupled, self-learning, federated database views. For this project we are not concerned with the self-learning aspect, nor necessarily with the highly distributed topologies that are possible, but we are making use of its ability to federate across multiple databases.

In our initial project we will offer two different "views" of the same database. One will look very much like the real database, with technical column names. The other will have more business-oriented names (these names come via glossary lookups) and may have a subset of the columns (omitting technical detail not needed by a business user). GaianDB is capable of a lot more, including joining data across multiple sources (multiple RDBMSs, files, REST API calls).

Enforcing data access through Gaian

For this project, we want to use metadata to drive enforcement. We will use Apache Ranger as the enforcement technology and build a Ranger plugin for GaianDB in a very similar way to the Ranger plugin for Hive.

Resource definitions (assets) and classifications will be defined in Atlas and can then be used within Ranger rules. For example, we may tag a column with "confidentiality=secret", but due to the improved glossary support in Atlas this won't be a direct association; rather, it will be determined from the fact that the column is associated with a business term such as "customer income". Our updated GAF OMAS, which integrates with Ranger's tagsync, will support this.

This plugin will also record audit events. Ranger itself could also be enhanced to provide additional metadata about its rules and configuration back to Atlas, where they can be combined with Atlas's knowledge (likely through some stewardship process) so that we can link business policies with implemented rules.

The Ranger plugin for GaianDB is currently being developed via GitHub, but it's hoped the Ranger project could take this on as an example.
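The indirect classification and audit recording described above, as an added Python model: a column inherits "confidentiality=secret" from its business term, a tag rule decides access, and every decision is logged. It is not the GaianDB plugin's code and uses no Atlas or Ranger API; all table, column, group and function names are constructed, and refusing unclassified columns is an assumption of this example.

```python
# Constructed sample metadata: column -> business term (None = no glossary link).
COLUMN_TERMS = {
    "CUST.INC_AMT": "customer income",
    "CUST.CUST_NM": "customer name",
    "CUST.ROW_VER": None,  # technical column, never linked to a term
}
# Classifications are attached to the glossary term, not to the column.
TERM_TAGS = {
    "customer income": {"confidentiality": "secret"},
    "customer name": {"confidentiality": "internal"},
}
# Constructed tag rules: (tag, value) -> groups allowed to select.
TAG_POLICY = {
    ("confidentiality", "secret"): {"finance"},
    ("confidentiality", "internal"): {"finance", "marketing"},
}


def effective_tags(column):
    """Resolve a column's tags through its business term."""
    term = COLUMN_TERMS.get(column)
    return dict(TERM_TAGS.get(term, {})) if term else {}


def authorize(user, groups, columns, audit):
    """Return the columns the user may select; log one audit event per column."""
    allowed = []
    for col in columns:
        tags = effective_tags(col)
        # Assumption of this example: a column with no classification is
        # refused, so a missing glossary link cannot silently expose data.
        ok = bool(tags) and all(
            groups & TAG_POLICY.get((name, value), set())
            for name, value in tags.items()
        )
        audit.append({"user": user, "column": col, "tags": tags, "allowed": ok})
        if ok:
            allowed.append(col)
    return allowed


if __name__ == "__main__":
    events = []
    print(authorize("alice", {"marketing"}, list(COLUMN_TERMS), events))
    for event in events:
        print(event)
```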