You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Madhan Neethiraj (JIRA)" <ji...@apache.org> on 2015/10/22 22:07:27 UTC
[jira] [Commented] (RANGER-606) Add support for deny policies
[ https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14969803#comment-14969803 ]
Madhan Neethiraj commented on RANGER-606:
-----------------------------------------
Details of the current implementation along with few usecases is available in the documentation here - https://cwiki.apache.org/confluence/display/RANGER/Deny-conditions+and+excludes+in+Ranger+policies.
Can you please review the details and vote as below?
+1: current implementation is good
-1: current implementation is not good. Please add alternate design proposal for each usecase covered in the documentation.
0: no comments
> Add support for deny policies
> ------------------------------
>
> Key: RANGER-606
> URL: https://issues.apache.org/jira/browse/RANGER-606
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently Ranger supports creation of policies that can allow access when specific conditions are met (for example, resources, user, groups, access-type, custom-conditions..). In addition to this, having the ability to create policies that deny access for specific conditions will help address many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like resources/users/groups/access-types/custom-conditions
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)