ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-877) Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow
Date Tue, 08 Mar 2016 01:36:40 GMT
Madhan Neethiraj created RANGER-877:
---------------------------------------

             Summary: Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions
should implicitly allow
                 Key: RANGER-877
                 URL: https://issues.apache.org/jira/browse/RANGER-877
             Project: Ranger
          Issue Type: Sub-task
          Components: plugins
    Affects Versions: 0.6.0
            Reporter: Madhan Neethiraj
            Assignee: Madhan Neethiraj


In the current policy model (in 0.6), adding an user/group to allowExceptions does not automatically
deny access to the user/group; the user/group should explicitly be added to denyPolicyItems.
Similarly adding an user/group to denyExceptions does not allow access to the user/group;
the user/group should explicitly be added to allowPolicyItems.

While this behavior offers flexibility, it does not seem very intuitive for many users. Hence
this JIRA to ask for change in the policy engine to implicitly treat allowExceptions as deny
and denyExceptions as allow.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message