ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-683) User with authorization to a tag is allowed access even though access is denied by a policy for the resource
Date Wed, 07 Oct 2015 20:31:27 GMT
Madhan Neethiraj created RANGER-683:
---------------------------------------

             Summary: User with authorization to a tag is allowed access even though access
is denied by a policy for the resource
                 Key: RANGER-683
                 URL: https://issues.apache.org/jira/browse/RANGER-683
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 0.6.0
            Reporter: Madhan Neethiraj
            Assignee: Madhan Neethiraj


Consider the following:
 - resource "table=t1; column=c1" is tagged with tag "T1"
 - a tag based policy exists that allow access to tag T1 for user1
 - a resource based policy for "table=t1; column=c1" denies access for user1

In this case, the current tag-based policy implementation allows user1 to access "table=t1;
column=c1" since the user has access to tag T1.

However, since a resource-based policy explicitly denies access for user1, the user should
be denied the access.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message