Srikanth Venkat created RANGER-2000:
---------------------------------------
Summary: Policy & policy item effective dates to support
time-bound and temporary authorization
Key: RANGER-2000
URL: https://issues.apache.org/jira/browse/RANGER-2000
Project: Ranger
Issue Type: New Feature
Components: Ranger
Reporter: Srikanth Venkat
Fix For: 1.0.0
Currently Ranger policies have effectiveness period that is permanent i.e. once
authored they can only be disabled or enabled. There are many use cases where
such policies or even a policy condition needs to be time bound. For example
certain financial information about earnings that is sensitive and restricted
only until the earnings release date.
it would be great to have the ability to specify with each policy or policy
condition a time horizon when it is effective (i.e.) either be effective after
a certain date and/or expire after a specific date or only valid within a
certain time window and have Ranger check whether the policy is effective
before evaluating in the policy engine. Therefore, policy authoring can be
simplified and does not require any subsequent action from the user, basically
making policy authoring a one time effort and users do not have to go back
disable the policies once it is past the expiration date.
This means that:
# Ranger policy engine needs to be able to recognize the start and end times
for policies or specific policy items (conditions) and enforce them based on
period of validity specified by the user.
# Active policies should be checked not only based on the resource, user and
environment context but also whether the policy itself or policy item condition
is effective.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
