Time Validity Condition Macros¶
Time Validity Macros are only applicable when Apache Ranger Plugin or Privacera DataServer is used in the integration.
They are not supported by Privacera PolicySync connectors (e.g., for Snowflake, Databricks UnityCatalog, Redshift, etc.).
Time-based macros allow policy authors to define access windows by specifying when users, groups, or roles are allowed (or denied) access to resources.
Key Points¶
- Time Zone: All times must be specified in GMT.
- Supported Formats:
yyyy/MM/dd HH:mm:ss→ e.g.,2023/12/20 20:30:30yyyy/MM/dd HH:mm→ e.g.,2023/12/20 20:30yyyy/MM/dd→ e.g.,2023/12/20
Where Time Macros Can Be Used¶
Time validity macros can be added to Policy Conditions in:
| Policy Type | Location |
|---|---|
| Resource Access Policies | ✅ Policy Details, Allow/Deny Items |
| Tag-Based Policies | ✅ Policy Details, Allow/Deny Items |
Time Macro Reference¶
| Macro | Description |
|---|---|
IS_ACCESS_TIME_AFTER() | Returns true if access occurs after the specified timestamp. |
IS_ACCESS_TIME_BEFORE() | Returns true if access occurs before the specified timestamp. |
IS_ACCESS_TIME_BETWEEN() | Returns true if access occurs between the two specified timestamps. |
Examples¶
| Macro Usage | Behavior |
|---|---|
IS_ACCESS_TIME_AFTER('2024/01/01 09:00') | Grants access only after 9 AM GMT on Jan 1, 2024 |
IS_ACCESS_TIME_BEFORE('2024/01/01 09:00') | Grants access only before 9 AM GMT on Jan 1, 2024 |
IS_ACCESS_TIME_BETWEEN('2024/01/01 09:00', '2024/01/01 18:00') | Grants access only between 9 AM and 6 PM GMT on Jan 1, 2024 |
Notes¶
- These macros return a boolean value and can be combined with other conditions (e.g., user attributes, group membership).
- Use quotes
' 'around date strings and avoid leading/trailing spaces within timestamps.