[RANGER-877] Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Not A Bug
Affects Version/s: 0.6.0
Fix Version/s: 0.6.0
Component/s: plugins
Labels:
None

Description

In the current policy model (in 0.6), adding an user/group to allowExceptions does not automatically deny access to the user/group; the user/group should explicitly be added to denyPolicyItems. Similarly adding an user/group to denyExceptions does not allow access to the user/group; the user/group should explicitly be added to allowPolicyItems.

While this behavior offers flexibility, it does not seem very intuitive for many users. Hence this JIRA to ask for change in the policy engine to implicitly treat allowExceptions as deny and denyExceptions as allow.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-RANGER-877-Exceptions-in-policies-allowExceptions-sh.patch
09/Mar/16 21:53
8 kB
Madhan Neethiraj

Activity

People

Assignee:: Madhan Neethiraj

Reporter:: Madhan Neethiraj

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Mar/16 01:36

Updated:: 07/Apr/16 21:16

Resolved:: 07/Apr/16 21:16