You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Balaji Ganesan (JIRA)" <ji...@apache.org> on 2015/08/13 00:57:45 UTC

[jira] [Commented] (RANGER-606) Add support for deny policies

    [ https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14694368#comment-14694368 ] 

Balaji Ganesan commented on RANGER-606:
---------------------------------------

We need a clear understanding of the workflow and hierarchy of how these policies would be evaluated and then audited. Questions I would have are

1. How are these policies created in Ranger? Would Ranger have a separate UI for this?
2. What will be the hierarchy if there is a deny policy or a allow policy for the same user?

> Add support for deny policies 
> ------------------------------
>
>                 Key: RANGER-606
>                 URL: https://issues.apache.org/jira/browse/RANGER-606
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin, plugins
>    Affects Versions: 0.5.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>
> Currently Ranger supports creation of policies that can allow access when specific conditions are met (for example, resources, user, groups, access-type, custom-conditions..). In addition to this, having the ability to create policies that deny access for specific conditions will help address many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like resources/users/groups/access-types/custom-conditions



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)