Providing Authorization with Apache Ranger
Also available as:
PDF
loading table of contents...

Create a Time-bound Policy

Ranger policy validity periods enable you to configure a policy to be effective for a specified time range. You can add a validity period to both resource-based and tag-based policies.

Time-bound policy use-case examples:
  • To restrict access to sensitive financial information until the earnings release date.
  • To block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
  • To block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).
Note
Note
The following procedure shows how to create a time-bound resource-based policy. The procedure is essentially the same for a tag-based resource policy.
  1. On the Ranger Service Manger page, select a service, then click Add New Policy.
  2. Complete the fields on the Create Policy page.
  3. Click Add Validity Period.
  4. On the Policy Validity Period pop-up, specify a start time, end time, and time zone. To add additional validity periods, click the + symbol. Click Save to save the specified validity periods.

    Policy Validity Period Example
  5. If you would like the policy to override all other policies during its validity period, select override.

    Policy Validity Period Example
  6. Click Add.