ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhay Kulkarni (Jira)" <j...@apache.org>
Subject [jira] [Assigned] (RANGER-2569) Policy with isDenyAllElse=true denies request to check if any access is allowed
Date Tue, 17 Sep 2019 20:36:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Abhay Kulkarni reassigned RANGER-2569:
--------------------------------------

    Assignee: Abhay Kulkarni

> Policy with isDenyAllElse=true denies request to check if any access is allowed
> -------------------------------------------------------------------------------
>
>                 Key: RANGER-2569
>                 URL: https://issues.apache.org/jira/browse/RANGER-2569
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 2.0.0
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> RANGER-2507 introduced flag {{isDenyAllElse}} in RangerPolicy to implicitly deny accesses
other than the ones granted in this policy. Such policies incorrectly deny requests to check
if the user has {{any}} access for a given resource - if the policy explicitly doesn't allow
the user any access. This is incorrect, as this prevents other policies from being evaluated
to check if they grant the user any access.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message