Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The policy model enhancements in RANGER-606 add the capability to explicitly deny access on the given conditions and also to specify excludes to allow-conditions and deny-conditions. Let’s use the same policies used in the previous section, but with an added condition to explicitly deny access to users in interns group.

Please note that after updates in RANGER-876, deny in policies are is available only for services whose service-def has option enableDenyAndExceptionsInPolicies set to true, as shown below: