Description
Currently, Ranger policy engine supports authorization of multiple accesses for a given resource in a single call to the Ranger plugin's isAccessAllowed() API. However, it has some limitations which are addressed by this JIRA.
Limitation: If multiple accesses are to be authorized, then the current authorization logic in Ranger policy engine is designed to allow the request to succeed (that is, grant access) only if all requested accesses are granted.
This Jira supports organizing accesses in groups where each group is granted access if any access in the group is allowed, and the request is successful (that is, user is allowed access) only if all groups are granted access.