Create a Time-bound Policy

Ranger policy validity periods enable you to configure a policy to be effective for a specified time range. You can add a validity period to both resource-based and tag-based policies.

Time-bound policy use-case examples:

• To restrict access to sensitive financial information until the earnings release date.
• To block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
• To block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).

	Note
	The following procedure shows how to create a time-bound resource-based policy. The procedure is essentially the same for a tag-based resource policy.

1. On the Ranger Service Manger page, select a service, then click Add New Policy.
2. Complete the fields on the Create Policy page.
3. Click Add Validity Period.
4. On the Policy Validity Period pop-up, specify a start time, end time, and time zone. To add additional validity periods, click the + symbol. Click Save to save the specified validity periods.
   
   
   
5. If you would like the policy to override all other policies during its validity period, select override.
   
   
   
6. Click Add.