| { |
| "name": "test access control policies for nestedstructure", |
| "comments": [ |
| "tests on authorizing access to customer Json records, along with fields masking and record filtering", |
| "record structure:", |
| " { ", |
| " id: 1,", |
| " name: customerName,", |
| " phone: phoneNumber,", |
| " email: emailAddress,", |
| " address: { line1: streetName, line2: landmark, city: myCity, state: myState, zipCode: myZipCode }", |
| " lastOrderDate: 2022/07/16,", |
| " recentOrders: [", |
| " {", |
| " orderId: 1,", |
| " orderDate: 2022/06/14,", |
| " orderAmount: 504.76", |
| " }", |
| " {", |
| " orderId: 2,", |
| " orderDate: 2022/06/06,", |
| " orderAmount: 321.98", |
| " }", |
| " ]", |
| " }" |
| ], |
| "policies": { |
| "serviceName": "dev_nestedstructure", |
| "serviceId": 1, |
| "policyVersion": 1, |
| "auditMode": "audit-none", |
| "policies": [ |
| { |
| "id": 1, "name":"ACCESS: schema=customer, field=*", |
| "resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "*" ] } }, |
| "policyItems":[ |
| { "accesses": [ { "type": "read" } ], "users": [ "user1" ], "groups": [ "analysts" ] } |
| ] |
| }, |
| { |
| "id": 2, "name":"ACCESS: schema=customer, field=id,name,lastOrderDate,recentOrders", |
| "resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "id", "name", "lastOrderDate", "recentOrders.*" ] } }, |
| "policyItems":[ |
| { "accesses": [ { "type": "read" } ], "groups": [ "csr" ] } |
| ] |
| }, |
| { |
| "id": 101, "name":"MASKING: schema=customer, field=lastOrderDate", "policyType": 1, |
| "resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "lastOrderDate"] } }, |
| "dataMaskPolicyItems":[ |
| { "accesses": [ { "type": "read" } ], "groups": [ "analysts" ], "dataMaskInfo": { "dataMaskType": "MASK_NULL" } }, |
| { "accesses": [ { "type": "read" } ], "groups": [ "csr" ], "dataMaskInfo": { "dataMaskType": "MASK_DATE_SHOW_YEAR" } } |
| ] |
| }, |
| { |
| "id": 102, "name":"MASKING: schema=customer, field=recentOrders.orderDate", "policyType": 1, |
| "resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "recentOrders.orderDate"] } }, |
| "dataMaskPolicyItems":[ |
| { "accesses": [ { "type": "read" } ], "groups": [ "analysts" ], "dataMaskInfo": { "dataMaskType": "MASK_NULL" } }, |
| { "accesses": [ { "type": "read" } ], "groups": [ "csr" ], "dataMaskInfo": { "dataMaskType": "MASK_DATE_SHOW_YEAR" } } |
| ] |
| }, |
| { |
| "id": 201, "name":"FILTER: schema=customer", "policyType": 2, |
| "resources": { "schema": { "values": [ "customer" ] } }, |
| "rowFilterPolicyItems":[ |
| { "accesses": [ { "type": "read" } ], "groups": [ "region-ca" ], "rowFilterInfo": { "filterExpr": "jsonAttr.address.state == 'CA'" } }, |
| { "accesses": [ { "type": "read" } ], "groups": [ "region-wa" ], "rowFilterInfo": { "filterExpr": "jsonAttr.address.state == 'WA'" } } |
| ] |
| } |
| ] |
| }, |
| "tags": { }, |
| "roles": { |
| "roleVersion": 1 |
| }, |
| "serviceDefFilename": "/servicedef-nestedstructure.json", |
| "tests": [ |
| { |
| "name": "ALLOW user1 to read schema=customer, fields=[id,email,address,lastOrderDate]", |
| "user": "user1", "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}", |
| "result": { |
| "hasAccess": true, |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}", |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "ALLOW user in groups=[csr] to read schema=customer, with masked-year for lastOrderDate and recentOrders.orderDate", |
| "user": "some-user", "userGroups": [ "csr" ], "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"lastOrderDate\":\"2022-07-16\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022-06-14\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022-06-06\",\"orderAmount\":321.98}]}", |
| "result": { |
| "hasAccess": true, |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"lastOrderDate\":\"2022\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022\",\"orderAmount\":321.98}]}", |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "DENY user in groups=[csr] to read schema=customer, fields=[email,address]", |
| "user": "some-user", "userGroups": [ "csr" ], "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}", |
| "result": { |
| "hasAccess": false, |
| "json": null, |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "ALLOW user in groups=[analysts, region-ca] to read schema=customer, having address.state=CA, with masked-null for lastOrderDate", |
| "user": "some-user", "userGroups": [ "analysts", "region-ca" ], "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022-06-14\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022-06-06\",\"orderAmount\":321.98}]}", |
| "result": { |
| "hasAccess": true, |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":null,\"recentOrders\":[{\"orderId\":1,\"orderDate\":null,\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":null,\"orderAmount\":321.98}]}", |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "DENY user in groups=[analysts, region-ca] to read schema=customer, having address.state=WA", |
| "user": "some-user", "userGroups": [ "analysts", "region-ca" ], "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"2\",\"name\":\"WA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"WA\"},\"lastOrderDate\":\"2022-07-16\"}", |
| "result": { |
| "hasAccess": false, |
| "json": null, |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "ALLOW user in groups=[analysts, region-wa] to read schema=customer, having address.state=WA, with masked-null for lastOrderDate", |
| "user": "some-user", "userGroups": [ "analysts", "region-wa" ], "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"2\",\"name\":\"WA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"WA\"},\"lastOrderDate\":\"2022-07-16\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022-06-14\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022-06-06\",\"orderAmount\":321.98}]}", |
| "result": { |
| "hasAccess": true, |
| "json": "{\"id\":\"2\",\"name\":\"WA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"WA\"},\"lastOrderDate\":null,\"recentOrders\":[{\"orderId\":1,\"orderDate\":null,\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":null,\"orderAmount\":321.98}]}", |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "DENY user in groups=[analysts, region-wa] to read schema=customer, having address.state=CA", |
| "user": "some-user", "userGroups": [ "analysts", "region-wa" ], "accessType": "read", |
| "schema": "customer", |
| "json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}", |
| "result": { |
| "hasAccess": false, |
| "json": null, |
| "errors": [ ] |
| } |
| }, |
| { |
| "name": "DENY user1 to read schema=employee, field=id", |
| "user": "user1", "accessType": "read", |
| "schema": "employee", |
| "json": "{\"id\":\"1\"}", |
| "result": { "hasAccess": false, "json": null, "errors": [ ] } |
| } |
| ] |
| } |