[ 
https://issues.apache.org/jira/browse/RANGER-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17391331#comment-17391331
 ] 

Kishor Gollapalliwar commented on RANGER-3329:
----------------------------------------------

[~abhayk]/ [~madhan] Created follow-up / addendum patch.

Patch is available at the review board: https://reviews.apache.org/r/73495/

> Request for _any access-type is denied only when on all access-types are 
> denied
> -------------------------------------------------------------------------------
>
>                 Key: RANGER-3329
>                 URL: https://issues.apache.org/jira/browse/RANGER-3329
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> Currently a request for _any access-type is denied only if all access-types 
> in the service-def are denied by policies. Instead of this, the policy-engine 
> should deny _any access if there are no allowed accesses, and at least one of 
> the access-types is denied. This will help address the following use case:
>  - when accessTypeRestrictions is defined on a resource, i.e. only a subset of 
> access-types are shown in policy-UI, it will not be possible to create 
> policies that deny all accesses. In such cases, the proposed change will 
> enable denying _any access-type with only a subset of access-types denied.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
