[ https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385652#comment-16385652 ]
Abhay Kulkarni edited comment on RANGER-2000 at 3/14/18 6:56 PM: ----------------------------------------------------------------- Additional commits to fix issues: Logging level fix - [https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=19d6ef464a39394869ddf49e49c8e39dce96a8a0] Unit tests fix - [https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=1d4afbe57a86bf025b00b0e2c93793d355a9096d] NPE when validating time-spec - [https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=aca4c3b5438e0e52b1e2d24a7e322278d36c7ffc] Create transaction log for update to time-spec - https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=94d0566d21a64b795c9a4844354960605bc1f9d9 was (Author: abhayk): Commit details: https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=844315cdbc5e4589f5a4f873c33533d8f7bb014e > Policy effective dates to support time-bound and temporary authorization > ------------------------------------------------------------------------ > > Key: RANGER-2000 > URL: https://issues.apache.org/jira/browse/RANGER-2000 > Project: Ranger > Issue Type: New Feature > Components: Ranger > Reporter: Srikanth Venkat > Assignee: Abhay Kulkarni > Priority: Major > Fix For: master, 1.1.0 > > > Currently Ranger policies have effectiveness period that is permanent i.e. > once authored they can only be disabled or enabled. There are many use cases > where such policies or even a policy condition needs to be time bound. For > example certain financial information about earnings that is sensitive and > restricted only until the earnings release date. > it would be great to have the ability to specify with each policy a time > horizon when it is effective (i.e.) either be effective after a certain date > and/or expire after a specific date or only valid within a certain time > window and have Ranger check whether the policy is effective before > evaluating in the policy engine. Therefore, policy authoring can be > simplified and does not require any subsequent action from the user, > basically making policy authoring a one time effort and users do not have to > go back disable the policies once it is past the expiration date. > This means that: > # Ranger policy engine needs to be able to recognize the start and end times > for policies and enforce them based on period of validity specified by the > user. > # Active policies should be checked not only based on the resource, user and > environment context but also whether the policy is effective. -- This message was sent by Atlassian JIRA (v7.6.3#76005)