[ https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nitin Galave updated RANGER-2000: --------------------------------- Attachment: UI-RANGER-2000.patch > Policy effective dates to support time-bound and temporary authorization > ------------------------------------------------------------------------ > > Key: RANGER-2000 > URL: https://issues.apache.org/jira/browse/RANGER-2000 > Project: Ranger > Issue Type: New Feature > Components: Ranger > Reporter: Srikanth Venkat > Assignee: Abhay Kulkarni > Priority: Major > Fix For: master, 1.1.0 > > Attachments: UI-RANGER-2000.patch > > > Currently Ranger policies have effectiveness period that is permanent i.e. > once authored they can only be disabled or enabled. There are many use cases > where such policies or even a policy condition needs to be time bound. For > example certain financial information about earnings that is sensitive and > restricted only until the earnings release date. > it would be great to have the ability to specify with each policy a time > horizon when it is effective (i.e.) either be effective after a certain date > and/or expire after a specific date or only valid within a certain time > window and have Ranger check whether the policy is effective before > evaluating in the policy engine. Therefore, policy authoring can be > simplified and does not require any subsequent action from the user, > basically making policy authoring a one time effort and users do not have to > go back disable the policies once it is past the expiration date. > This means that: > # Ranger policy engine needs to be able to recognize the start and end times > for policies and enforce them based on period of validity specified by the > user. > # Active policies should be checked not only based on the resource, user and > environment context but also whether the policy is effective. -- This message was sent by Atlassian JIRA (v7.6.3#76005)