Madhan Neethiraj created RANGER-3329:
----------------------------------------
Summary: Request for _any access-type is denied only when on all
access-types are denied
Key: RANGER-3329
URL: https://issues.apache.org/jira/browse/RANGER-3329
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Madhan Neethiraj
Currently a request for _any access-type is denied only if all access-types in
the service-def are denied by policies. Instead of this, the policy-engine
should deny _any access if there are no allowed accesses, and at least one of
the access-type is denied. This will help address following usecase:
- when accessTypeRestrictions is defined on a resource i.e. only a subset of
access-types are shown in policy-UI, it will not be possible to create policies
that deny all accesses. In such cases, the proposed change will enable denying
_any access-type with only subset of access-types denied.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
