Create a time-bound policy

Ranger policy validity periods enable you to configure a policy to be effective for a specified time range. You can add a validity period to both resource-based and tag-based policies.

Time-bound policy use-case examples:
  • To restrict access to sensitive financial information until the earnings release date.
  • To block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
  • To block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).
  1. On the Ranger Service Manger page, select a service, then click Add New Policy.
  2. Complete the fields on the Create Policy page.
  3. Click Add Validity Period.
  4. On the Policy Validity Period pop-up, specify a start time, end time, and time zone. To add additional validity periods, click the + symbol. Click Save to save the specified validity periods.

    Policy Validity Period Example
  5. If you would like the policy to override all other policies during its validity period, select override.

    Policy Validity Period Example
  6. Click Add.