[
https://issues.apache.org/jira/browse/RANGER-5663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav reassigned RANGER-5663:
-----------------------------------------
Assignee: Bhavesh Amre
> prevent policy creation for resources outside of Security Zone
> --------------------------------------------------------------
>
> Key: RANGER-5663
> URL: https://issues.apache.org/jira/browse/RANGER-5663
> Project: Ranger
> Issue Type: Task
> Components: Ranger
> Reporter: Dineshkumar Yadav
> Assignee: Bhavesh Amre
> Priority: Major
>
> [PROBLEM STATEMENT/ ISSUE] Under security zone policy creation is allowed
> outside the zone. Mostly we need to prevent Ranger security zone
> administrators from creating policies outside the zone scope even though
> these policies will not be enforced
> [CAUSE OF THE ISSUE / DETERMINATION]
> users are able to list the other resources though they don't have access to
> [SOLUTION]
> Though we create the ranger policies with different resources other than the
> zone, policy will not be evaluated.
> [SUGGESTION]
> Ranger currently allows users to create a policy with an out-of-zone
> resource, but the policy does not become effective due to a security zone
> mismatch. He suggests implementing a pop-up deny message to prevent the
> selection of a resource name outside the zone during the policy creation
> stage.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)