[
https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15002574#comment-15002574
]
Tanping Wang commented on RANGER-606:
-------------------------------------
[[email protected]] [~madhan.neethiraj] We think we understand how
you are approaching with "deny". We are thinking there might be some gaps that
needs to be filled in. That's why [~yanz] is proposing as above. This is an
issue we want to treat very carefully. We see there are questions about the
proposal Yan has. Is it possible to meet in person or over the phone, so that
we can present in details of our thinking? We can also do a side by side
comparison of the two approaches.
> Add support for deny policies
> ------------------------------
>
> Key: RANGER-606
> URL: https://issues.apache.org/jira/browse/RANGER-606
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently Ranger supports creation of policies that can allow access when
> specific conditions are met (for example, resources, user, groups,
> access-type, custom-conditions..). In addition to this, having the ability to
> create policies that deny access for specific conditions will help address
> many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like
> resources/users/groups/access-types/custom-conditions
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
