ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tanping Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-606) Add support for deny policies
Date Thu, 12 Nov 2015 18:21:11 GMT

    [ https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15002574#comment-15002574
] 

Tanping Wang commented on RANGER-606:
-------------------------------------

[~balaji.ganesan03@gmail.com] [~madhan.neethiraj]   We think we understand how you are approaching
with "deny".  We are thinking there might be some gaps that needs to be filled in.  That's
why [~yanz]  is proposing as above.  This is an issue we want to treat very carefully.  We
see there are questions about the proposal Yan has.   Is it possible to meet in person or
over the phone, so that we can present in details of our thinking?  We can also do a side
by side comparison of the two approaches. 

> Add support for deny policies 
> ------------------------------
>
>                 Key: RANGER-606
>                 URL: https://issues.apache.org/jira/browse/RANGER-606
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin, plugins
>    Affects Versions: 0.5.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>             Fix For: 0.5.0
>
>
> Currently Ranger supports creation of policies that can allow access when specific conditions
are met (for example, resources, user, groups, access-type, custom-conditions..). In addition
to this, having the ability to create policies that deny access for specific conditions will
help address many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like resources/users/groups/access-types/custom-conditions



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message