<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.8 from src/site/twiki/Atlas-Authorization-Simple-Authorizer.twiki at 2018-06-14
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20180614" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Atlas &#x2013; Setting up Atlas to use Simple Authorizer</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.7.min.js"></script>
</head>
<body class="topBarEnabled">
<div class="container">
<div id="banner">
<div class="pull-left"><a href=".." id="bannerLeft"><img src="images/atlas-logo.png" alt="Apache Atlas" width="200px" height="45px"/></a></div>
<div class="pull-right"></div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2018-06-14</li>
<li id="projectVersion" class="pull-right">Version: 1.0.0</li>
</ul>
</div>
<div id="bodyColumn" >
<div class="section">
<h4><a name="Setting_up_Atlas_to_use_Simple_Authorizer"></a>Setting up Atlas to use Simple Authorizer</h4>
<p>As detailed in <a href="./Atlas-Authorization-Model.html">Atlas Authorization Model</a>, Apache Atlas supports a pluggable authorization model. Simple authorizer is the default authorizer implementation included in Apache Atlas; it uses policies defined in a JSON file. This document describes how to configure Apache Atlas to use the simple authorizer and the format of the JSON file containing authorization policies.</p></div>
<div class="section">
<h5><a name="Configure_Apache_Atlas"></a>Configure Apache Atlas</h5>
<p>To configure Apache Atlas to use simple authorizer, include the following properties in the application.properties config file:</p>
<div class="source"><pre class="prettyprint">
atlas.authorizer.impl=simple
atlas.authorizer.simple.authz.policy.file=/etc/atlas/conf/atlas-simple-authz-policy.json
</pre></div>
<p>Please note that if the policy file location specified is not an absolute path, the file will be looked up in the following paths:</p>
<ul>
<li>Apache Atlas configuration directory (specified by system property <tt>atlas.conf</tt>)</li>
<li>Apache Atlas server's current directory</li>
<li>CLASSPATH</li></ul></div>
<div class="section">
<h5><a name="Policy_file_format"></a>Policy file format</h5>
<p>Simple authorizer uses <tt>roles</tt> to group permissions, which can then be assigned to users and user-groups. The following examples illustrate the policy file format:</p></div>
<div class="section">
<h6><a name="Roles"></a>Roles</h6>
<p>The following policy file defines 3 roles:</p>
<ul>
<li>ROLE_ADMIN: has all permissions</li>
<li>PROD_READ_ONLY: has access to read entities having qualifiedName ending with &quot;@prod&quot;</li>
<li>TEST_ALL_ACCESS: has all access to entities having qualifiedName ending with &quot;@test&quot;</li></ul>
<p>Simple authorizer supports Java regular expressions for the values of privilege/entity-type/entity-id/classification/typeName/typeCategory.</p>
<div class="source"><pre class="prettyprint">
{
  &quot;roles&quot;: {
    &quot;ROLE_ADMIN&quot;: {
      &quot;adminPermissions&quot;: [
        {
          &quot;privileges&quot;: [ &quot;.*&quot; ]
        }
      ],
      &quot;entityPermissions&quot;: [
        {
          &quot;privileges&quot;: [ &quot;.*&quot; ],
          &quot;entityTypes&quot;: [ &quot;.*&quot; ],
          &quot;entityIds&quot;: [ &quot;.*&quot; ],
          &quot;classifications&quot;: [ &quot;.*&quot; ]
        }
      ],
      &quot;typePermissions&quot;: [
        {
          &quot;privileges&quot;: [ &quot;.*&quot; ],
          &quot;typeCategories&quot;: [ &quot;.*&quot; ],
          &quot;typeNames&quot;: [ &quot;.*&quot; ]
        }
      ]
    },
    &quot;PROD_READ_ONLY&quot; : {
      &quot;entityPermissions&quot;: [
        {
          &quot;privileges&quot;: [ &quot;entity-read&quot;, &quot;entity-read-classification&quot; ],
          &quot;entityTypes&quot;: [ &quot;.*&quot; ],
          &quot;entityIds&quot;: [ &quot;.*@prod&quot; ],
          &quot;classifications&quot;: [ &quot;.*&quot; ]
        }
      ]
    },
    &quot;TEST_ALL_ACCESS&quot; : {
      &quot;entityPermissions&quot;: [
        {
          &quot;privileges&quot;: [ &quot;.*&quot; ],
          &quot;entityTypes&quot;: [ &quot;.*&quot; ],
          &quot;entityIds&quot;: [ &quot;.*@test&quot; ],
          &quot;classifications&quot;: [ &quot;.*&quot; ]
        }
      ]
    }
  },
  &quot;userRoles&quot;: {
    ...
  },
  &quot;groupRoles&quot;: {
    ...
  }
}
</pre></div></div>
<div class="section">
<h6><a name="Assign_Roles_to_Users_and_User_Groups"></a>Assign Roles to Users and User Groups</h6>
<p>Roles defined above can be assigned (granted) to users as shown below:</p>
<div class="source"><pre class="prettyprint">
{
  &quot;roles&quot;: {
    ...
  },
  &quot;userRoles&quot;: {
    &quot;admin&quot;: [ &quot;ROLE_ADMIN&quot; ],
    &quot;steward&quot;: [ &quot;DATA_STEWARD&quot; ],
    &quot;user1&quot;: [ &quot;PROD_READ_ONLY&quot; ],
    &quot;user2&quot;: [ &quot;TEST_ALL_ACCESS&quot; ],
    &quot;user3&quot;: [ &quot;PROD_READ_ONLY&quot;, &quot;TEST_ALL_ACCESS&quot; ]
  },
  &quot;groupRoles&quot;: {
    ...
  }
}
</pre></div>
<p>Roles can be assigned (granted) to user-groups as shown below. A user can belong to multiple groups; roles assigned to all groups the user belongs to will be used to authorize the access.</p>
<div class="source"><pre class="prettyprint">
{
  &quot;roles&quot;: {
    ...
  },
  &quot;userRoles&quot;: {
    ...
  },
  &quot;groupRoles&quot;: {
    &quot;admins&quot;: [ &quot;ROLE_ADMIN&quot; ],
    &quot;dataStewards&quot;: [ &quot;DATA_STEWARD&quot; ],
    &quot;testUsers&quot;: [ &quot;TEST_ALL_ACCESS&quot; ],
    &quot;prodReadUsers&quot;: [ &quot;PROD_READ_ONLY&quot; ]
  }
}
</pre></div></div>
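<div class="section">
<p>The following Python example is added here and is not Apache Atlas code: it lints a policy of the format shown above for grants of roles that are never defined and for roles with all privileges on all entities, then resolves a user's effective roles as the union of direct and group grants and evaluates one entity request. The function names, the constructed <tt>POLICY</tt> sample and the whole-string pattern matching (as with Java's <tt>String.matches</tt>) are assumptions; classifications are not evaluated.</p>

```python
import json
import re

# Constructed policy modelled on the page's examples; DATA_STEWARD is granted but never defined.
POLICY = json.loads("""{
  "roles": {
    "ROLE_ADMIN": {"entityPermissions": [
      {"privileges": [".*"], "entityTypes": [".*"], "entityIds": [".*"], "classifications": [".*"]}]},
    "PROD_READ_ONLY": {"entityPermissions": [
      {"privileges": ["entity-read", "entity-read-classification"], "entityTypes": [".*"],
       "entityIds": [".*@prod"], "classifications": [".*"]}]},
    "TEST_ALL_ACCESS": {"entityPermissions": [
      {"privileges": [".*"], "entityTypes": [".*"], "entityIds": [".*@test"], "classifications": [".*"]}]}
  },
  "userRoles": {"admin": ["ROLE_ADMIN"], "steward": ["DATA_STEWARD"], "user1": ["PROD_READ_ONLY"]},
  "groupRoles": {"testUsers": ["TEST_ALL_ACCESS"], "prodReadUsers": ["PROD_READ_ONLY"]}
}""")

def lint(policy):
    """Flag grants of undefined roles and roles with all privileges on all entities."""
    roles, findings = policy.get("roles", {}), []
    for section in ("userRoles", "groupRoles"):
        for principal, granted in policy.get(section, {}).items():
            findings += [f"{section}.{principal}: undefined role {r}" for r in granted if r not in roles]
    for name, role in roles.items():
        for perm in role.get("entityPermissions", []):
            if ".*" in perm.get("privileges", []) and ".*" in perm.get("entityIds", []):
                findings.append(f"roles.{name}: all privileges on all entities")
    return findings

def effective_roles(policy, user, groups):
    """Union of roles granted to the user directly and through each of the user's groups."""
    granted = set(policy.get("userRoles", {}).get(user, []))
    for group in groups:
        granted.update(policy.get("groupRoles", {}).get(group, []))
    return granted

def entity_allowed(policy, user, groups, privilege, entity_type, entity_id):
    """Evaluate one entity request (classifications ignored for brevity).
    Assumption: a pattern must match the whole value, as Java's String.matches does."""
    def hit(patterns, value):
        return any(re.fullmatch(p, value) for p in patterns)
    for name in effective_roles(policy, user, groups):
        for perm in policy["roles"].get(name, {}).get("entityPermissions", []):
            if (hit(perm.get("privileges", []), privilege)
                    and hit(perm.get("entityTypes", []), entity_type)
                    and hit(perm.get("entityIds", []), entity_id)):
                return True
    return False
```
</div>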
</div>
</div>
<hr/>
<footer>
<div class="container">
<div class="row">
<p><a href="https://www.apache.org/foundation/contributing"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support the ASF" id="asf-logo" height="20" width="20" /></a>Copyright © 2011-2018 The Apache Software Foundation. Licensed under the <a href="https://www.apache.org/licenses/">Apache License, Version 2.0</a>.<br/>
Apache Atlas, Atlas, Apache, the Apache feather logo are trademarks of the <a href="https://www.apache.org">Apache Software Foundation</a>.<br/>
All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
</div>
<p id="poweredBy" class="pull-right"><a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /></a>
</p>
</div>
</footer>
</body>
</html>