Abhay Kulkarni created RANGER-2876:
--------------------------------------
Summary: allow-exception policy-items are not correctly handled
when access-type is '_any'
Key: RANGER-2876
URL: https://issues.apache.org/jira/browse/RANGER-2876
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
Fix For: 2.1.0
Ranger plugins use an internal access-type '_any' to when access authorization
requires that the accessed resource has some permission for given
user/group/role. For a component that supports three access-types viz. 'read',
'write', 'delete', and a policy containing access specification for some
resource and some user, such as,
-----
allowed accesses : \{'read', 'write', 'delete'}
exceptions to allowed accesses: \{'read', 'write'}
-----
the user should be allowed '_any' access to the resource by this policy.
Similarly, a policy containing access specification such as
-----
allowed accesses : \{'read', 'write'}
exceptions to allowed accesses: \{'read', 'write'}
-----
should not make authorization decision for '_any' access.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
