[
https://issues.apache.org/jira/browse/RANGER-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17396692#comment-17396692
]
Kishor Gollapalliwar commented on RANGER-3329:
----------------------------------------------
master commit:
https://github.com/apache/ranger/commit/91545f7ce2772887465a4d28fb373494ea418d3a
2.2 commit:
https://github.com/apache/ranger/commit/df73558c0f7000a942b08e6e2fee056b16c8846f
> Request for _any access-type is denied only when on all access-types are
> denied
> -------------------------------------------------------------------------------
>
> Key: RANGER-3329
> URL: https://issues.apache.org/jira/browse/RANGER-3329
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
> Priority: Major
>
> Currently a request for _any access-type is denied only if all access-types
> in the service-def are denied by policies. Instead of this, the policy-engine
> should deny _any access if there are no allowed accesses, and at least one of
> the access-types is denied. This will help address the following use case:
> - when accessTypeRestrictions is defined on a resource, i.e. only a subset of
> access-types are shown in the policy UI, it will not be possible to create
> policies that deny all accesses. In such cases, the proposed change will
> enable denying _any access-type with only a subset of access-types denied.
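The rule change described in the issue above, as an added example that is not part of the original message and is not Apache Ranger's code: a simplified Python model that evaluates a request for `_any` under the old and the proposed rule when `accessTypeRestrictions` limits which access-types a policy can name. The access-type names, users, helper names and the `NOT_DETERMINED` label are constructed, and the model assumes that one allowed access-type is enough to allow `_any`.

```python
# Simplified model of the RANGER-3329 rule; not Apache Ranger's code.
# Access-type names, users and result labels are constructed for illustration.
SERVICE_DEF_ACCESS_TYPES = ["select", "update", "create", "drop"]
RESTRICTED_TO = {"select", "update"}  # accessTypeRestrictions on the resource


def make_item(users, accesses, deny):
    """Build a policy item the way a restricted policy UI would allow it."""
    outside = set(accesses) - RESTRICTED_TO
    if outside:
        raise ValueError(f"not offered for this resource: {sorted(outside)}")
    return {"users": set(users), "accesses": list(accesses), "deny": deny}


def per_type_results(items, user):
    """Map every service-def access-type to 'ALLOW', 'DENY' or None.
    A deny item overrides an allow item for the same access-type."""
    results = dict.fromkeys(SERVICE_DEF_ACCESS_TYPES)
    for item in items:
        if user not in item["users"]:
            continue
        for access in item["accesses"]:
            if item["deny"]:
                results[access] = "DENY"
            elif results[access] is None:
                results[access] = "ALLOW"
    return results


def evaluate_any(results, rule):
    """Decide a request for _any under the 'old' or 'new' rule."""
    values = list(results.values())
    if "ALLOW" in values:  # assumption: one allowed access-type allows _any
        return "ALLOW"
    if rule == "old":  # denied only if all service-def access-types are denied
        denied = all(v == "DENY" for v in values)
    else:  # new: no allowed accesses and at least one access-type denied
        denied = "DENY" in values
    return "DENY" if denied else "NOT_DETERMINED"


# Constructed policy: every access-type the UI offers is denied for alice,
# while bob is allowed select and denied update.
ITEMS = [
    make_item(["alice"], ["select", "update"], deny=True),
    make_item(["bob"], ["select"], deny=False),
    make_item(["bob"], ["update"], deny=True),
]
for user in ("alice", "bob"):
    r = per_type_results(ITEMS, user)
    print(user, evaluate_any(r, "old"), evaluate_any(r, "new"))
```

For alice the old rule leaves `_any` undecided because `create` and `drop` can never be denied through the restricted UI, while the new rule denies it.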