[jira] [Comment Edited] (RANGER-606) Add support for deny policies

Mon, 24 Aug 2015 14:24:18 -0700 

    [ 
https://issues.apache.org/jira/browse/RANGER-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14710083#comment-14710083
 ] 

Madhan Neethiraj edited comment on RANGER-606 at 8/24/15 9:22 PM:
------------------------------------------------------------------

>> my point is we can build the deny capability iteratively. 
I think it will be critical to keep few core areas (like policy data structure, 
REST APIs, policy engine) simple/sane and not made complex with too many 
branches depending upon the piecemeal requirements. Hence I propose the core 
model to support Deny as a first class policy-type. We can still choose to 
control how this is presented to Ranger users to support various usecases (like 
blocked-lists, etc) - for example with custom UI. Piecemeal approach would 
result in having to deal with unnecessary complexity - both in code and for 
customers in migration.


was (Author: madhan.neethiraj):
>> my point is we can build the deny capability iteratively. 
I think it will be critical to keep few core areas (like policy data structure, 
REST APId, policy engine) simple/sane and not made complex with too many 
branches depending upon the piecemeal requirements. Hence I propose the core 
model to support Deny as a first class policy-type. We can still choose to 
control how this is presented to Ranger users to support various usecases (like 
blocked-lists, etc) - for example with custom UI. Piecemeal approach would 
result in having to deal with unnecessary complexity - both in code and for 
customers in migration.

> Add support for deny policies 
> ------------------------------
>
>                 Key: RANGER-606
>                 URL: https://issues.apache.org/jira/browse/RANGER-606
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin, plugins
>    Affects Versions: 0.5.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>             Fix For: 0.5.0
>
>
> Currently Ranger supports creation of policies that can allow access when 
> specific conditions are met (for example, resources, user, groups, 
> access-type, custom-conditions..). In addition to this, having the ability to 
> create policies that deny access for specific conditions will help address 
> many usecases, like:
> - deny access for specific users/groups/ip-addresses/time-of-day
> - deny access when specific conditions are met - like 
> resources/users/groups/access-types/custom-conditions



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to