You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Madhan Neethiraj (JIRA)" <ji...@apache.org> on 2015/10/07 22:31:27 UTC
[jira] [Created] (RANGER-683) User with authorization to a tag is
allowed access even though access is denied by a policy for the resource
Madhan Neethiraj created RANGER-683:
---------------------------------------
Summary: User with authorization to a tag is allowed access even though access is denied by a policy for the resource
Key: RANGER-683
URL: https://issues.apache.org/jira/browse/RANGER-683
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 0.6.0
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
Consider the following:
- resource "table=t1; column=c1" is tagged with tag "T1"
- a tag based policy exists that allow access to tag T1 for user1
- a resource based policy for "table=t1; column=c1" denies access for user1
In this case, the current tag-based policy implementation allows user1 to access "table=t1; column=c1" since the user has access to tag T1.
However, since a resource-based policy explicitly denies access for user1, the user should be denied the access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)