[
https://issues.apache.org/jira/browse/RANGER-2465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863365#comment-16863365
]
Ramesh Mani commented on RANGER-2465:
-------------------------------------
Also attaching the sample service definition for including the Multi-Tag Policy
Condition.
1) There will be a policy condition defined like the following.
{code:java}
{
"itemId":3,
"name":"tags",
"evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerMultipleTagsConditionEvaluator",
"label":"Enter Tags",
"description": "Enter Tags"
}
{code}
2) In the Tag Policies will have Multiple-Tag values to enter:
{"name":"multitag-policy-for-financeDB",
"resource":{"elements":{"database":"finance"}},
"accessType": "read",
"conditions": [
{
"type": "tags",
"values": [
"PCI",
"HIPPA"
]
}
],
}
> Create a PolicyCondition to apply if all given tags are present for the
> accessed resource
> -----------------------------------------------------------------------------------------
>
> Key: RANGER-2465
> URL: https://issues.apache.org/jira/browse/RANGER-2465
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: master
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Priority: Major
> Fix For: 2.0.0
>
>
> Create a PolicyCondition to apply if all given tags are present for the
> accessed resource.
> i.e All the Tags in the policy condition has to be present for the resource
> when user access it, then only allow that resource to be accessed by that
> user.
> A built in Policy Condition has to be created for this, which can be defined
> in the service definition of a service that needs this addition functionality.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
