[ 
https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2000:
-----------------------------------
    Fix Version/s:     (was: 1.0.0)
                   master

> Policy & policy item effective dates to support time-bound and temporary 
> authorization
> --------------------------------------------------------------------------------------
>
>                 Key: RANGER-2000
>                 URL: https://issues.apache.org/jira/browse/RANGER-2000
>             Project: Ranger
>          Issue Type: New Feature
>          Components: Ranger
>            Reporter: Srikanth Venkat
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: master
>
>
> Currently Ranger policies have effectiveness period that is permanent i.e. 
> once authored they can only be disabled or enabled. There are many use cases 
> where such policies or even a policy condition needs to be time bound. For 
> example certain financial information about earnings that is sensitive and 
> restricted only until the earnings release date. 
> it would be great to have the ability to specify with each policy or policy 
> condition a time horizon when it is effective (i.e.) either be effective 
> after a certain date and/or expire after a specific date or only valid within 
> a certain time window and have Ranger check whether the policy is effective 
> before evaluating in the policy engine. Therefore, policy authoring can be 
> simplified and does not require any subsequent action from the user, 
> basically making policy authoring a one time effort and users do not have to 
> go back disable the policies once it is past the expiration date.
> This means that:
>  # Ranger policy engine needs to be able to recognize the start and end times 
> for policies or specific policy items (conditions) and enforce them based on 
> period of validity specified by the user.
>  # Active policies should be checked not only based on the resource, user and 
> environment context but also whether the policy itself or policy item 
> condition is effective.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to