[
https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14714508#comment-14714508
]
Balaji Ganesan commented on RANGER-606:
---------------------------------------
[~aloklal99] Deny or access policy achieve the same goal in my opinion, you can
deny set of users or only give access to only users who need access.
We still are not solving the end user who would need to think and plan before
to setting up the policies. Users should have choice to use either a deny or
access policy to achieve the end security goal, and should be able to do that
in few steps without a lot of planning and brainstorm. I think we should it
make it configurable for end user to choose the policy types he/she would want
to see in UI and that could be configurable anytime. A user looking for simple
way of managing can choose to see only "explicit grant" or "allow" policy
types, while a more sophisticated user can choose to have both allow and deny
policy available in the UI.
> Add support for deny policies
> ------------------------------
>
> Key: RANGER-606
> URL: https://issues.apache.org/jira/browse/RANGER-606
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently Ranger supports creation of policies that can allow access when
> specific conditions are met (for example, resources, user, groups,
> access-type, custom-conditions..). In addition to this, having the ability to
> create policies that deny access for specific conditions will help address
> many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like
> resources/users/groups/access-types/custom-conditions
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
