Description
Use case:
It should be possible to allow access only to files directly under the directory (say, "/data/oracle") , and not to files under subdirectories of it (such as "/data/oracle/PII"). This cannot be done using wildcards, such as "/data/oracle/*", because it allows access recursively to all files under "/data/oracle/" including those under its subdirectories.
As Ranger supports tokens (introduced by RANGER-698), a Ranger policy for ("/data/oracle/
) will meet this need, if FILENAME token holds the value of file being accessed. Moreover, a more specific policy such as "/data/oracle/
{BASE_FILENAME}.txt" can match only files with ".txt" extension, where "." is used to demarcate extension from base filename.