Create a Time-bound Policy
Ranger policy validity periods enable you to configure a policy to be effective for a specified time range. You can add a validity period to both resource-based and tag-based policies.
Time-bound policy use-case examples:
- To restrict access to sensitive financial information until the earnings release date.
- To block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
- To block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).
The following procedure shows how to create a time-bound resource-based policy. The procedure is essentially the same for a tag-based resource policy.
- On the Ranger Service Manger page, select a service, then click Add New Policy.
- Complete the fields on the Create Policy page.
- Click Add Validity Period.
On the Policy Validity Period pop-up, specify a start
time, end time, and time zone. To add additional validity periods, click the
+ symbol. Click Save to save the specified validity
If you would like the policy to override all other policies during its validity
period, select override.
- Click Add.