Dineshkumar Yadav created RANGER-5663:
-----------------------------------------
Summary: prevent policy creation for resources outside of Security
Zone
Key: RANGER-5663
URL: https://issues.apache.org/jira/browse/RANGER-5663
Project: Ranger
Issue Type: Task
Components: Ranger
Reporter: Dineshkumar Yadav
[PROBLEM STATEMENT/ ISSUE] Under security zone policy creation is allowed
outside the zone. Mostly we need to prevent Ranger security zone administrators
from creating policies outside the zone scope even though these policies will
not be enforced
[CAUSE OF THE ISSUE / DETERMINATION]
users are able to list the other resources though they don't have access to
[SOLUTION]
Though we create the ranger policies with different resources other than the
zone, policy will not be evaluated.
[SUGGESTION]
Ranger currently allows users to create a policy with an out-of-zone resource,
but the policy does not become effective due to a security zone mismatch. He
suggests implementing a pop-up deny message to prevent the selection of a
resource name outside the zone during the policy creation stage.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)