Create a Time-bound Policy
Where Apache Ranger policies used to be permanent once authored, as of HDP 3.0, you can now create a time-bound policy. This enables you to configure a policy to be effective for a specified time range. You can add a validity period to resource- and tag-based policies.
- Financial information about earnings that is sensitive and restricted only until the earnings release date.
- Block a certain user for a specific time period (e.g., a compromised user account being investigated needs to be put on "hold" from accessing resources in Hadoop services).
- Block a certain group for a specific time (e.g., excluding temporary employees from writing on resources during the holiday season).
From Ranger, click
- Complete the fields of the Create Policy page.
- Click Add Validity Period.
In the Policy Validity Period dialog box, specify the
Start Time, End Time, and
If you want this policy to take precedence over all other policies during its
validity period, click Override
A decision from this policy stops further evaluation of policies.
- Click Add.