Create a Time-bound Policy
Where Ranger policies used to be permanent once authored, you can now create a time-bound policy. This enables you to configure a policy to be effective for a specified time range. You can add a validity period to resource- and tag-based policies.
- Financial information about earnings that is sensitive and restricted only until the earnings release date.
- Block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
- Block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).
From Ranger, click on
- On the Create Policy page, fill out the required fields.
- Click Add Validity Period.
In the Policy Validity Period dialog, specify the
Start Time, End Time, and
Optional: You can select the Override option if you want
this policy to take precedence over all other policies during its validity
A decision from an 'override policy' will stop further evaluation of policies.
- Click Add.