[
https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14697641#comment-14697641
]
Madhan Neethiraj commented on RANGER-606:
-----------------------------------------
[~bganesan] Global blacklist is a good starting point for the discussion. Lets
get a little deeper on this requirement.
- Is the requirement restricted to deny all access to a given set of
users/groups?
- Will there be a need to deny only a subset of access to based on certain
conditions like time-of-day/geo-locations/ip-address? Like deny write access to
selective resources to a set of: 1) suspected ip-addresses 2) time-of-the-day
like before market open/ after market close 3) geographic locations like
countries/states?
> Add support for deny policies
> ------------------------------
>
> Key: RANGER-606
> URL: https://issues.apache.org/jira/browse/RANGER-606
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently Ranger supports creation of policies that can allow access when
> specific conditions are met (for example, resources, user, groups,
> access-type, custom-conditions..). In addition to this, having the ability to
> create policies that deny access for specific conditions will help address
> many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like
> resources/users/groups/access-types/custom-conditions
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
