Description
Ranger policy model currently supports validity schedule at the policy level, which allows a policy author to allow/deny permissions for specific time periods. This should be extended at policy-item level, so that permissions call be allowed/denied for individual principals for a specific time periods. RANGER-3815 asked for this enhancement, which was addressed with introduction of macros. However, supporting validity schedule, similar to the one at policy level, will make it consistent.
Custom conditions supported by Ranger policy model can be extended to provide this functionality, by adding a condition that takes validity schedule as the input. Policy UI can be enhanced to provide the same experience for policy items as at the policy level.
Attachments
Attachments
Issue Links
- is depended upon by
-
RANGER-4971 UI: condition to support validity schedule
- Open
- is related to
-
RANGER-3815 PolicyItem supports validity period setting
- Resolved
- Testing discovered
-
RANGER-5010 Validity schedule unit tests fail
- Resolved