You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Madhan Neethiraj (JIRA)" <ji...@apache.org> on 2015/10/07 22:31:27 UTC

[jira] [Created] (RANGER-683) User with authorization to a tag is allowed access even though access is denied by a policy for the resource

Madhan Neethiraj created RANGER-683:
---------------------------------------

             Summary: User with authorization to a tag is allowed access even though access is denied by a policy for the resource
                 Key: RANGER-683
                 URL: https://issues.apache.org/jira/browse/RANGER-683
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 0.6.0
            Reporter: Madhan Neethiraj
            Assignee: Madhan Neethiraj


Consider the following:
 - resource "table=t1; column=c1" is tagged with tag "T1"
 - a tag based policy exists that allow access to tag T1 for user1
 - a resource based policy for "table=t1; column=c1" denies access for user1

In this case, the current tag-based policy implementation allows user1 to access "table=t1; column=c1" since the user has access to tag T1.

However, since a resource-based policy explicitly denies access for user1, the user should be denied the access.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)