Madhan Neethiraj created RANGER-874:
---------------------------------------
Summary: Deny & allow/deny exceptions in policies should be
optional
Key: RANGER-874
URL: https://issues.apache.org/jira/browse/RANGER-874
Project: Ranger
Issue Type: Sub-task
Components: admin
Affects Versions: 0.6.0
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
Ranger policy model in 0.5 release and earlier supported the ability to specify
the conditions (user/group/ip/custom-condtions) to allow an access to a
resource. The policy model has been updated for the next release (0.6), with
ability to specify conditions to deny an access to a resource; in addition the
model.
To support this update, Ranger Policy UI has been enhanced to show policy-items
in 4 groups: allow, allow-exceptions, deny and deny-exceptions. Comments
earlier in RANGER-606 suggested that introduction of deny and exceptions adds
complexity. To address this concern, the enhancements will be made optional via
servicedef. Only servicedefs that opt-in (for deny and exceptions in policies)
will be able to use these enhancements. For servicedefs that don't opt-in,
Ranger Admin will not show deny and exception policy-item groups; also the
policy-engine will ignore dent and exception policy-items if found in policies
- there by maintaining the simplicity of the current policy model.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
