[
https://issues.apache.org/jira/browse/RANGER-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-3329:
------------------------------------
Fix Version/s: 2.2.0
3.0.0
> Request for _any access-type is denied only when on all access-types are
> denied
> -------------------------------------------------------------------------------
>
> Key: RANGER-3329
> URL: https://issues.apache.org/jira/browse/RANGER-3329
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
>
> Currently a request for _any access-type is denied only if all access-types
> in the service-def are denied by policies. Instead of this, the policy-engine
> should deny _any access if there are no allowed accesses, and at least one of
> the access-type is denied. This will help address following usecase:
> - when accessTypeRestrictions is defined on a resource i.e. only a subset of
> access-types are shown in policy-UI, it will not be possible to create
> policies that deny all accesses. In such cases, the proposed change will
> enable denying _any access-type with only subset of access-types denied.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
