[
https://issues.apache.org/jira/browse/RANGER-877?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15185310#comment-15185310
]
rangerqa commented on RANGER-877:
---------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12791908/0001-RANGER-877-Exceptions-in-policies-allowExceptions-sh.patch
against master revision 3620842.
{color:red}-1 patch{color}. master compilation may be broken.
Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/94//console
This message is automatically generated.
> Exceptions in policies: allow-exceptions should implicitly deny;
> deny-exceptions should implicitly allow
> --------------------------------------------------------------------------------------------------------
>
> Key: RANGER-877
> URL: https://issues.apache.org/jira/browse/RANGER-877
> Project: Ranger
> Issue Type: Sub-task
> Components: plugins
> Affects Versions: 0.6.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.6.0
>
> Attachments:
> 0001-RANGER-877-Exceptions-in-policies-allowExceptions-sh.patch
>
>
> In the current policy model (in 0.6), adding an user/group to allowExceptions
> does not automatically deny access to the user/group; the user/group should
> explicitly be added to denyPolicyItems. Similarly adding an user/group to
> denyExceptions does not allow access to the user/group; the user/group should
> explicitly be added to allowPolicyItems.
> While this behavior offers flexibility, it does not seem very intuitive for
> many users. Hence this JIRA to ask for change in the policy engine to
> implicitly treat allowExceptions as deny and denyExceptions as allow.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
