Dineshkumar Yadav created RANGER-5663:
-----------------------------------------

             Summary: prevent policy creation for resources outside of Security 
Zone
                 Key: RANGER-5663
                 URL: https://issues.apache.org/jira/browse/RANGER-5663
             Project: Ranger
          Issue Type: Task
          Components: Ranger
            Reporter: Dineshkumar Yadav


[PROBLEM STATEMENT/ ISSUE] Under security zone policy creation is allowed 
outside the zone. Mostly we need to prevent Ranger security zone administrators 
from creating policies outside the zone scope even though these policies will 
not be enforced

[CAUSE OF THE ISSUE / DETERMINATION]

users are able to list the other resources though they don't have access to

[SOLUTION]

Though we create the ranger policies with different resources other than the 
zone, policy will not be evaluated.

[SUGGESTION]

Ranger currently allows users to create a policy with an out-of-zone resource, 
but the policy does not become effective due to a security zone mismatch. He 
suggests implementing a pop-up deny message to prevent the selection of a 
resource name outside the zone during the policy creation stage.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to