Abhay Kulkarni created RANGER-4820:
--------------------------------------
Summary: Support authorization of multiple accesses grouped by
access groups in one policy engine call
Key: RANGER-4820
URL: https://issues.apache.org/jira/browse/RANGER-4820
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Abhay Kulkarni
Currently, Ranger policy engine supports authorization of multiple accesses for
a given resource in a single call to the Ranger plugin's isAccessAllowed() API.
However, it has some limitations which are addressed by this JIRA.
Limitation: If multiple accesses are to be authorized, then the current
authorization logic in Ranger policy engine is designed to allow the request to
succeed (that is, grant access) only if all requested accesses are granted.
This Jira supports organizing accesses in groups where each group is granted
access if any access in the group is allowed, and the request is successful
(that is, user is allowed access) only if all groups are granted access.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
