[
https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nitin Galave updated RANGER-2000:
---------------------------------
Attachment: UI-RANGER-2000.patch
> Policy effective dates to support time-bound and temporary authorization
> ------------------------------------------------------------------------
>
> Key: RANGER-2000
> URL: https://issues.apache.org/jira/browse/RANGER-2000
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Srikanth Venkat
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: master, 1.1.0
>
> Attachments: UI-RANGER-2000.patch
>
>
> Currently Ranger policies have effectiveness period that is permanent i.e.
> once authored they can only be disabled or enabled. There are many use cases
> where such policies or even a policy condition needs to be time bound. For
> example certain financial information about earnings that is sensitive and
> restricted only until the earnings release date.
> it would be great to have the ability to specify with each policy a time
> horizon when it is effective (i.e.) either be effective after a certain date
> and/or expire after a specific date or only valid within a certain time
> window and have Ranger check whether the policy is effective before
> evaluating in the policy engine. Therefore, policy authoring can be
> simplified and does not require any subsequent action from the user,
> basically making policy authoring a one time effort and users do not have to
> go back disable the policies once it is past the expiration date.
> This means that:
> # Ranger policy engine needs to be able to recognize the start and end times
> for policies and enforce them based on period of validity specified by the
> user.
> # Active policies should be checked not only based on the resource, user and
> environment context but also whether the policy is effective.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
