[ https://issues.apache.org/jira/browse/RANGER-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal updated RANGER-3329: ------------------------------------ Fix Version/s: 2.2.0 3.0.0 > Request for _any access-type is denied only when on all access-types are > denied > ------------------------------------------------------------------------------- > > Key: RANGER-3329 > URL: https://issues.apache.org/jira/browse/RANGER-3329 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Madhan Neethiraj > Assignee: Abhay Kulkarni > Priority: Major > Fix For: 3.0.0, 2.2.0 > > > Currently a request for _any access-type is denied only if all access-types > in the service-def are denied by policies. Instead of this, the policy-engine > should deny _any access if there are no allowed accesses, and at least one of > the access-type is denied. This will help address following usecase: > - when accessTypeRestrictions is defined on a resource i.e. only a subset of > access-types are shown in policy-UI, it will not be possible to create > policies that deny all accesses. In such cases, the proposed change will > enable denying _any access-type with only subset of access-types denied. -- This message was sent by Atlassian Jira (v8.3.4#803005)