ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhay Kulkarni (Jira)" <j...@apache.org>
Subject [jira] [Assigned] (RANGER-3329) Request for _any access-type is denied only when on all access-types are denied
Date Thu, 08 Jul 2021 17:48:01 GMT

     [ https://issues.apache.org/jira/browse/RANGER-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Abhay Kulkarni reassigned RANGER-3329:
--------------------------------------

    Assignee: Abhay Kulkarni

> Request for _any access-type is denied only when on all access-types are denied
> -------------------------------------------------------------------------------
>
>                 Key: RANGER-3329
>                 URL: https://issues.apache.org/jira/browse/RANGER-3329
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> Currently a request for _any access-type is denied only if all access-types in the service-def
are denied by policies. Instead of this, the policy-engine should deny _any access if there
are no allowed accesses, and at least one of the access-type is denied. This will help address
following usecase:
>  - when accessTypeRestrictions is defined on a resource i.e. only a subset of access-types
are shown in policy-UI, it will not be possible to create policies that deny all accesses.
In such cases, the proposed change will enable denying _any access-type with only subset of
access-types denied.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message