Hi, i am trying to implement a custom AND condition between the AD groups, for example, let's say i have 4 groups,
grp_hadoop grp_qa grp_enterprise grp_myproject i want to give access to a resource only if a user is present in all groups. i.e *grp_hadoop & grp_qa & grp_enterprise & grp_myproject* and found this article https://cwiki.apache.org/confluence/display/RANGER/Dynamic+Policy+Hooks+in+Ranger+-+Configure+and+Use . before i go and implement a CustomConditionEvaluator, does Ranger support this kind of scenarios out of the box. if yes, how can i achieve this?. if not, then i have to implement a Ranger API's to achieve this functionality. looking at the documentation, i see if i implement RangerAbstractConditionEvaluator should be enough, i don't need a context enricher. is my assumption correct? and, after implementing a CustomConditionEvaluator, how do i make sure Ranger doesn't invoke it by default all the time? i.e, i want to invoke only for the policy conditions i need, is there a way, i can pass information from Ranger admin UI, RangerAccessRequest to passdown the choice to CustomConditionEvaluator Any help is greatly appreciated, Thanks, Yeshwanth Jagini
