[
https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385652#comment-16385652
]
Abhay Kulkarni edited comment on RANGER-2000 at 3/14/18 6:56 PM:
-----------------------------------------------------------------
Additional commits to fix issues:
Logging level fix -
[https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=19d6ef464a39394869ddf49e49c8e39dce96a8a0]
Unit tests fix -
[https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=1d4afbe57a86bf025b00b0e2c93793d355a9096d]
NPE when validating time-spec -
[https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=aca4c3b5438e0e52b1e2d24a7e322278d36c7ffc]
Create transaction log for update to time-spec -
https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=94d0566d21a64b795c9a4844354960605bc1f9d9
was (Author: abhayk):
Commit details:
https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=844315cdbc5e4589f5a4f873c33533d8f7bb014e
> Policy effective dates to support time-bound and temporary authorization
> ------------------------------------------------------------------------
>
> Key: RANGER-2000
> URL: https://issues.apache.org/jira/browse/RANGER-2000
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Srikanth Venkat
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: master, 1.1.0
>
>
> Currently Ranger policies have effectiveness period that is permanent i.e.
> once authored they can only be disabled or enabled. There are many use cases
> where such policies or even a policy condition needs to be time bound. For
> example certain financial information about earnings that is sensitive and
> restricted only until the earnings release date.
> it would be great to have the ability to specify with each policy a time
> horizon when it is effective (i.e.) either be effective after a certain date
> and/or expire after a specific date or only valid within a certain time
> window and have Ranger check whether the policy is effective before
> evaluating in the policy engine. Therefore, policy authoring can be
> simplified and does not require any subsequent action from the user,
> basically making policy authoring a one time effort and users do not have to
> go back disable the policies once it is past the expiration date.
> This means that:
> # Ranger policy engine needs to be able to recognize the start and end times
> for policies and enforce them based on period of validity specified by the
> user.
> # Active policies should be checked not only based on the resource, user and
> environment context but also whether the policy is effective.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
