[RANGER-606] Add support for deny policies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.5.0
Fix Version/s: 0.6.0
Component/s: admin, plugins
Labels:
None

Description

Currently Ranger supports creation of policies that can allow access when specific conditions are met (for example, resources, user, groups, access-type, custom-conditions..). In addition to this, having the ability to create policies that deny access for specific conditions will help address many usecases, like:

deny access for specific users/groups/ip-addresses/time-of-day
deny access when specific conditions are met - like resources/users/groups/access-types/custom-conditions

Attachments

Issue Links

links to

Documentation

Service Definition

Sub-Tasks

1.	Update policy listing page with a new column 'Policy Type'	Resolved	Gautam Borad
2.	Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger policy to determine the authorization	Resolved	Madhan Neethiraj
3.	Policy UI updates for the changes in policy model to support policyItems of type allow/deny/allow-exception/deny-exception	Resolved	Gautam Borad
4.	Deny & allow/deny exceptions in policies should be optional	Resolved	Madhan Neethiraj
5.	Policy UI updates to make deny & exception policy items optional	Resolved	Mehul Parikh
6.	Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow	Resolved	Madhan Neethiraj

Activity

People

Assignee:: Madhan Neethiraj

Reporter:: Madhan Neethiraj

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 12/Aug/15 09:02

Updated:: 09/Jul/16 05:20

Resolved:: 09/Jul/16 05:20