For UC1 "allow user to only access some particular data", it is a good
business use case. Technically we should be aware that each policy will
be evaluated once for each event or each window of events.
So, for a particular user, we can't define 2 or more such whitelist policies
as today each policy is independently evaluated.

For UC2, why not just delete the original policy? It looks like it introduces
another complexity of policy priority. You would like the new whitelist policy
to override the original policy. We should discuss.

Thanks
Edward Zhang

On 11/8/15, 9:11, "Manoharan, Arun" <[email protected]> wrote:

>Hi Folks,
>
>There is a need for a whitelist feature in Eagle.
>
>Current Feature:
>Today most of the policies are set based on "If any user access abc.dat
>data 10 times send an alert".
>
>UC1:
>In case of a whitelist you can say "Allow user Arun to only access
>particular data sets like abc.data" If anything else send an alert.
>
>UC2:
>You can white list a user to say this user "Y" can access abc.dat more
>than 10 times. This should not trigger an alert which was originally put
>in place based on [current feature].
>
>I would like to start the discussion on this feature.
>
>Thanks,
>Arun
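
Added example, not part of the original thread and not Eagle's own code: a simplified Python model of the point raised in the reply, that each policy is evaluated independently per event, so two UC1 whitelist policies for the same user alert on each other's allowed data. The class, function and policy names and the sample events are constructed for illustration; merging the whitelists into one policy per user is one possible workaround, assumed here, not something the thread decided.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class WhitelistPolicy:
    """UC1-style policy: alert when `user` touches anything outside `allowed`."""
    name: str
    user: str
    allowed: frozenset

    def evaluate(self, event):
        # A policy sees each event on its own and knows nothing about other policies.
        if event["user"] == self.user and event["resource"] not in self.allowed:
            return f"{self.name}: {event['user']} accessed {event['resource']}"
        return None


def evaluate_independently(policies, events):
    """Model of the behaviour described in the reply: every policy runs once per event."""
    return [a for e in events for p in policies if (a := p.evaluate(e))]


def merge_whitelists(policies):
    """Assumed workaround: fold all whitelists for a user into a single policy."""
    by_user = {}
    for p in policies:
        by_user.setdefault(p.user, set()).update(p.allowed)
    return [WhitelistPolicy(f"whitelist-{u}", u, frozenset(r))
            for u, r in sorted(by_user.items())]


# Constructed sample events (hypothetical user and file names).
EVENTS = [
    {"user": "arun", "resource": "abc.dat"},
    {"user": "arun", "resource": "xyz.dat"},
    {"user": "arun", "resource": "secret.dat"},
]
# Two separate whitelist policies for the same user.
SPLIT = [
    WhitelistPolicy("wl-1", "arun", frozenset({"abc.dat"})),
    WhitelistPolicy("wl-2", "arun", frozenset({"xyz.dat"})),
]

if __name__ == "__main__":
    print("two independent policies:")
    for alert in evaluate_independently(SPLIT, EVENTS):
        print("  ", alert)  # includes false alerts on abc.dat and xyz.dat
    print("one merged policy:")
    for alert in evaluate_independently(merge_whitelists(SPLIT), EVENTS):
        print("  ", alert)  # only secret.dat
```
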
