commit e96b1accc2d2de4c00edb78afefcc66862f48790
author nixonrodrigues <nixon@apache.org> Wed Mar 07 19:14:24 2018 +0530
committer kevalbhatt <kbhatt@apache.org> Thu Mar 08 17:15:09 2018 +0530
tree ad1c0d7795badd3cd45e6ca1b7093c95ba848ff9
parent a6b3521e04c9d65b148500c5858e74027df289c1

ATLAS-2486 :- Policy json file for authorization in distro conf

Signed-off-by: kevalbhatt <kbhatt@apache.org>

distro/src/conf/atlas-simple-authz-policy.json

diff --git a/distro/src/conf/atlas-simple-authz-policy.json b/distro/src/conf/atlas-simple-authz-policy.json
new file mode 100644
index 0000000..01104a8
--- /dev/null
+++ b/distro/src/conf/atlas-simple-authz-policy.json
@@ -0,0 +1,61 @@
+{
+  "roles": {
+    "ROLE_ADMIN": {
+      "adminPermissions": [
+        {
+          "privileges": [ ".*" ]
+        }
+      ],
+
+      "entityPermissions": [
+        {
+          "privileges":      [ ".*" ],
+          "entityTypes":     [ ".*" ],
+          "entityIds":       [ ".*" ],
+          "classifications": [ ".*" ]
+        }
+      ],
+
+      "typePermissions": [
+        {
+          "privileges":     [ ".*" ],
+          "typeCategories": [ ".*" ],
+          "typeNames":      [ ".*" ]
+        }
+      ]
+    },
+
+    "DATA_SCIENTIST": {
+      "entityPermissions": [
+        {
+          "privileges":      [ "entity-read", "entity-read-classification" ],
+          "entityTypes":     [ ".*" ],
+          "entityIds":       [ ".*" ],
+          "classifications": [ ".*" ]
+        }
+      ]
+    },
+
+    "DATA_STEWARD": {
+      "entityPermissions": [
+        {
+          "privileges":      [ "entity-read", "entity-create", "entity-update", "entity-read-classification", "entity-add-classification", "entity-update-classification", "entity-remove-classification" ],
+          "entityTypes":     [ ".*" ],
+          "entityIds":       [ ".*" ],
+          "classifications": [ ".*" ]
+        }
+      ]
+    }
+  },
+
+  "userRoles": {
+    "admin": [ "ROLE_ADMIN" ]
+  },
+
+  "groupRoles": {
+    "ROLE_ADMIN":      [ "ROLE_ADMIN" ],
+    "hadoop":          [ "DATA_STEWARD" ],
+    "DATA_STEWARD":    [ "DATA_STEWARD" ],
+    "RANGER_TAG_SYNC": [ "DATA_SCIENTIST" ]
+  }
+}

distro/src/conf/policy-store.txt

diff --git a/distro/src/conf/policy-store.txt b/distro/src/conf/policy-store.txt
deleted file mode 100644
index 58d4d4c..0000000
--- a/distro/src/conf/policy-store.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-##Policy Format
-##r-READ, w-WRITE, u-UPDATE, d-DELETE
-##Policy_Name;;User_Name1:Operations_Allowed,User_Name2:Operations_Allowed;;Group_Name1:Operations_Allowed,Group_Name2:Operations_Allowed;;Resource_Type1:Resource_Name,Resource_Type2:Resource_Name
-##
-adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,relationship:*
-dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*,relationship:*
-dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*,relationship:*
-hadoopPolicy;;;;hadoop:rwud;;type:*,entity:*,operation:*,relationship:*
-rangerTagSyncPolicy;;;;RANGER_TAG_SYNC:r;;type:*,entity:*