Madhan Neethiraj created RANGER-683:
---------------------------------------
Summary: User with authorization to a tag is allowed access even
though access is denied by a policy for the resource
Key: RANGER-683
URL: https://issues.apache.org/jira/browse/RANGER-683
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 0.6.0
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
Consider the following:
- resource "table=t1; column=c1" is tagged with tag "T1"
- a tag based policy exists that allow access to tag T1 for user1
- a resource based policy for "table=t1; column=c1" denies access for user1
In this case, the current tag-based policy implementation allows user1 to
access "table=t1; column=c1" since the user has access to tag T1.
However, since a resource-based policy explicitly denies access for user1, the
user should be denied the access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
