ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-874) Deny & allow/deny exceptions in policies should be optional
Date Tue, 08 Mar 2016 02:37:40 GMT

     [ https://issues.apache.org/jira/browse/RANGER-874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Madhan Neethiraj updated RANGER-874:
------------------------------------
    Fix Version/s:     (was: 0.5.0)

> Deny & allow/deny exceptions in policies should be optional
> -----------------------------------------------------------
>
>                 Key: RANGER-874
>                 URL: https://issues.apache.org/jira/browse/RANGER-874
>             Project: Ranger
>          Issue Type: Sub-task
>          Components: admin
>    Affects Versions: 0.6.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>         Attachments: 0001-RANGER-874-deny-and-exceptions-in-policy-items-made-.patch
>
>
> Ranger policy model in 0.5 release and earlier supported the ability to specify the conditions
(user/group/ip/custom-condtions) to allow an access to a resource. The policy model has been
updated for the next release (0.6), with ability to specify conditions to deny an access to
a resource; in addition the model.
> To support this update, Ranger Policy UI has been enhanced to show policy-items in 4
groups: allow, allow-exceptions, deny and deny-exceptions. Comments earlier in RANGER-606
suggested that introduction of deny and exceptions adds complexity. To address this concern,
the enhancements will be made optional via servicedef. Only servicedefs that opt-in (for deny
and exceptions in policies) will be able to use these enhancements. For servicedefs that don't
opt-in, Ranger Admin will not show deny and exception policy-item groups; also the policy-engine
will ignore dent and exception policy-items if found in policies - there by maintaining the
simplicity of the current policy model.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message