Wondering why apache ranger has both allow/exclude and deny/exclude conditions when setting policies. Eg. tried setting an HDFS access policy such that only user user1 had access. However, when testing, found that it basically had no effect and others could access the HDFS location as well. Only worked as intended after setting a public group deny condition on the policy.
Given this, when would ranger ever use the allow conditions and not just do something like "deny public, but exclude from this user1." It seems redundant as it is now, so I'm wondering if I am misunderstanding how it is intended to be used or not seeing a potential use case where this would come into play. Could anyone clarify this for me?
When you have an investment in one country and your family is in another you will find out that you feel a little unsecured. This is because you might have to travel from time to time to check on your family and spend some time with them. Sometimes you have to rush back to business to avoid anything going wrong. Also, you might not really be happy because your role in the family is being missed. But with a second citizen program, this issue will be well taken care of. This is because your family can freely come to live with you in the new country of your investment.