[
https://issues.apache.org/jira/browse/RANGER-4820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884371#comment-17884371
]
Abhay Kulkarni commented on RANGER-4820:
----------------------------------------
Addendum:
Review request: [https://reviews.apache.org/r/75206/]
Commit details:
master:
https://github.com/apache/ranger/commit/bc596e627f394d6d8a683fc7a8e09260ebecc3ac
> Support authorization of multiple accesses grouped by access groups in one
> policy engine call
> ---------------------------------------------------------------------------------------------
>
> Key: RANGER-4820
> URL: https://issues.apache.org/jira/browse/RANGER-4820
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Abhay Kulkarni
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: 3.0.0, 2.5.0
>
>
> Currently, Ranger policy engine supports authorization of multiple accesses
> for a given resource in a single call to the Ranger plugin's
> isAccessAllowed() API. However, it has some limitations which are addressed
> by this JIRA.
> Limitation: If multiple accesses are to be authorized, then the current
> authorization logic in Ranger policy engine is designed to allow the request
> to succeed (that is, grant access) only if all requested accesses are granted.
> This Jira supports organizing accesses in groups where each group is granted
> access if any access in the group is allowed, and the request is successful
> (that is, user is allowed access) only if all groups are granted access.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
