Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-2569

Policy with isDenyAllElse=true denies request to check if any access is allowed

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.1.0
    • plugins
    • None

    Description

      RANGER-2507 introduced flag isDenyAllElse in RangerPolicy to implicitly deny accesses other than the ones granted in this policy. Such policies incorrectly deny requests to check if the user has any access for a given resource - if the policy explicitly doesn't allow the user any access. This is incorrect, as this prevents other policies from being evaluated to check if they grant the user any access.

      Attachments

        Issue Links

          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. RANGER-2507 Support for policy to implicitly deny all accesses not explicitly allowed by it

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              abhayk Abhay Kulkarni
              madhan Madhan Neethiraj
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: