Avoid False Starts.

Build a Maturity Path:
Ensure Successful Migration from RBAC to ABAC

Leverage ABAC as your foundation so you can scale with a Zero Trust approach. Rely on RBAC for identity management and enablement instead of systems and implementation.

Okera is designed to support ABAC with very expressive policies. 

Ranger was designed primarily for RBAC, but with ABAC as an afterthought. Broad adoption of ABAC is essential to control policy growth at scale.

Okera is storage and compute tool agnostic, which is essential in heterogeneous environments. This guarantees policies are consistently enforced

Ranger is designed to define policies per tool which leads to policy drift, excessive management costs, and complexity in moving queries across systems, for example once for Databricks and once again for Amazon EMR.

Okera provides enforcement patterns with a Zero Trust approach. 

Okera handles temporary S3 credentials management, which eliminates the need for service IAM roles. With Ranger, some enforcement patterns (for example on Amazon EMR) require service IAM roles, resulting in over privileged access to data.