Adding a policy condition to a tag-based policy

You can add a condition to a tag-based policy, using Ranger Admin Web UI when creating a new, or editing an existing policy.

Ranger Admin Web UI supports adding one of the following policy conditions to a new or existing tag-based policy:
  • Accessed after expiry_date ? for example - Yes/No
  • Boolean expression for example - Country_Name="XYZ"
The Policy Conditions dialog prompts for inputs using uhint JSON. For populating "Accessed after expiry_date? (yes/no)" for example, we are using JSON like this:
{
    "itemId": 1,
    "name": "accessed-after-expiry",
    "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
    "evaluatorOptions": {
        "scriptTemplate": "ctx.isAccessedAfter('expiry_date');"
    },
    "uiHint": "{ \"singleValue\":true }",
    "label": "Accessed after expiry_date (yes/no)?",
    "description": "Accessed after expiry_date? (yes/no)"
}
  1. In Service Manager > Tag Policies > cm_tag_policies, choose one of the following:
    Add New Policy
    to add a new, tag-based policy.
    Policy ID
    click a policy ID to edit an existing policy.
  2. In either Create Policy or Edit Policy > Policy Conditions, click +.
  3. In Policy Conditions:
    1. In Accessed after expiry date ?, select Yes or No.
    2. In Enter boolean expression, enter an expression that evaluates to true or false.
      Country_Name="XYZ"
  4. Click Save.