Adding a policy condition to a tag-based policy

You can add a condition to a tag-based policy, using Ranger Admin Web UI when creating a new, or editing an existing policy.

Ranger Admin Web UI supports adding one of the following policy conditions to a new or existing tag-based policy:

Accessed after expiry_date ? for example - Yes/No
Boolean expression for example - Country_Name="XYZ"

The Policy Conditions dialog prompts for inputs using uhint JSON. For populating "Accessed after expiry_date? (yes/no)" for example, we are using JSON like this:

{
    "itemId": 1,
    "name": "accessed-after-expiry",
    "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
    "evaluatorOptions": {
        "scriptTemplate": "ctx.isAccessedAfter('expiry_date');"
    },
    "uiHint": "{ \"singleValue\":true }",
    "label": "Accessed after expiry_date (yes/no)?",
    "description": "Accessed after expiry_date? (yes/no)"
}

In Service Manager > Tag Policies > cm_tag_policies, choose one of the following:

Add New Policy

to add a new, tag-based policy.

Policy ID

click a policy ID to edit an existing policy.
In either Create Policy or Edit Policy > Policy Conditions, click +.
In Policy Conditions:
1. In Accessed after expiry date ?, select Yes or No.
2. In Enter boolean expression, enter an expression that evaluates to true or false.
  Country_Name="XYZ"
Click Save.