| { |
| "serviceName":"atlasdev", |
| |
| "serviceDef":{ |
| "name":"atlas", |
| "id":3, |
| "resources":[ |
| {"name":"entity-type","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity Type","description":"Entity Type"}, |
| {"name":"entity-classification","level":2,"parent":"entity-type","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity Classification","description":"Entity Classification"}, |
| {"name":"entity","level":2,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity ID","description":"Entity ID"} |
| ], |
| "accessTypes":[ |
| {"name":"entity-read","label":"Read Entity"}, |
| {"name":"entity-create","label":"Create Entity"}, |
| {"name":"entity-update","label":"Update Entity"}, |
| {"name":"entity-delete","label":"Delete Entity"}, |
| {"name":"entity-add-classification","label":"Add Entity Classification"}, |
| {"name":"entity-update-classification","label":"Update Entity Classification"}, |
| {"name":"entity-remove-classification","label":"Remove Entity Classification"} |
| ] |
| }, |
| |
| "policies":[ |
| {"id":1,"name":"policy for DataSets","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"entity-type":{"values":["DataSet"]},"entity-classification":{"values":["*"]},"entity":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["data-stewards"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":2,"name":"policy for hive_table","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["*"]},"entity":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["hive-admins"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":10,"name":"policy for PII classification","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["PII"]},"entity":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["privacy-officers"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":20,"name":"policy for EMAIL_PII classification","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["EMAIL_PII"]},"entity":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["email-admins"],"delegateAdmin":false} |
| ] |
| } |
| ], |
| |
| "tests":[ |
| {"name":"DataSet read by a data-steward", |
| "request":{ |
| "resource":{"elements":{"entity-type":"DataSet", "entity-classification":[]}, "entity":"default@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["data-stewards"] |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":1} |
| } |
| , |
| {"name":"DataSet read by a hive-admin", |
| "request":{ |
| "resource":{"elements":{"entity-type":"DataSet", "entity-classification":""}, "entity":"default@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["hive-admins"] |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"hive_table read by a data-steward", |
| "request":{ |
| "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":""}, "entity":"default.testtable@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["data-stewards"] |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":1} |
| } |
| , |
| {"name":"hive_table read by a hive-admin", |
| "request":{ |
| "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":""}, "entity":"default.testtable@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["hive-admins"] |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"PII hive_table read by a privacy-officer", |
| "request":{ |
| "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII"]}, "entity":"default.testtable@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["privacy-officers"] |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":10} |
| } |
| , |
| {"name":"PII hive_table read by a email-admin", |
| "request":{ |
| "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII"]}, "entity":"default.testtable@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["email-admins"] |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"EMAIL_PII hive_table read by a privacy-officer", |
| "request":{ |
| "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII", "EMAIL_PII"]}, "entity":"default.testtable@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["privacy-officers"] |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":10} |
| } |
| , |
| {"name":"EMAIL_PII hive_table read by a email-admin", |
| "request":{ |
| "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII", "EMAIL_PII"]}, "entity":"default.testtable@cl1"}, |
| "accessType":"entity-read","user":"user1","userGroups":["email-admins"] |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":20} |
| } |
| ] |
| } |
| |