Madhan Neethiraj created RANGER-877:
---------------------------------------
Summary: Exceptions in policies: allow-exceptions should
implicitly deny; deny-exceptions should implicitly allow
Key: RANGER-877
URL: https://issues.apache.org/jira/browse/RANGER-877
Project: Ranger
Issue Type: Sub-task
Components: plugins
Affects Versions: 0.6.0
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
In the current policy model (in 0.6), adding an user/group to allowExceptions
does not automatically deny access to the user/group; the user/group should
explicitly be added to denyPolicyItems. Similarly adding an user/group to
denyExceptions does not allow access to the user/group; the user/group should
explicitly be added to allowPolicyItems.
While this behavior offers flexibility, it does not seem very intuitive for
many users. Hence this JIRA to ask for change in the policy engine to
implicitly treat allowExceptions as deny and denyExceptions as allow.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
