[ 
https://issues.apache.org/jira/browse/RANGER-5663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dineshkumar Yadav reassigned RANGER-5663:
-----------------------------------------

    Assignee: Bhavesh Amre

> prevent policy creation for resources outside of Security Zone
> --------------------------------------------------------------
>
>                 Key: RANGER-5663
>                 URL: https://issues.apache.org/jira/browse/RANGER-5663
>             Project: Ranger
>          Issue Type: Task
>          Components: Ranger
>            Reporter: Dineshkumar Yadav
>            Assignee: Bhavesh Amre
>            Priority: Major
>
> [PROBLEM STATEMENT/ ISSUE] Under security zone policy creation is allowed 
> outside the zone. Mostly we need to prevent Ranger security zone 
> administrators from creating policies outside the zone scope even though 
> these policies will not be enforced
> [CAUSE OF THE ISSUE / DETERMINATION]
> users are able to list the other resources though they don't have access to
> [SOLUTION]
> Though we create the ranger policies with different resources other than the 
> zone, policy will not be evaluated.
> [SUGGESTION]
> Ranger currently allows users to create a policy with an out-of-zone 
> resource, but the policy does not become effective due to a security zone 
> mismatch. He suggests implementing a pop-up deny message to prevent the 
> selection of a resource name outside the zone during the policy creation 
> stage.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to