Create a time-bound policy
Ranger policy validity periods enable you to configure a policy to be effective for a specified time range. You can add a validity period to both resource-based and tag-based policies.
Time-bound policy use-case examples:
- To restrict access to sensitive financial information until the earnings release date.
- To block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
- To block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).
- On , select a service.
- On <Service_name> Policies, click Add New Policy.
- Complete the fields on Create Policy.
- Click Add Validity Period.
On Policy Validity Period, specify a start time, end
time, and time zone. To add additional validity periods, click
+ . Click Save to save the
specified validity periods.
If you would like the policy to override all other policies during its validity
period, select override.
- Click Add.