agents-common/src/test/resources/policyengine/test_policyengine_hive.json - ranger - Git at Google

 {
   "serviceName":"hivedev",

   "serviceDef":{
     "name":"hive",
     "id":3,
     "resources":[
       {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
       {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
       {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
       {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
     ],
     "accessTypes":[
       {"name":"select","label":"Select"},
       {"name":"update","label":"Update"},
       {"name":"create","label":"Create"},
       {"name":"drop","label":"Drop"},
       {"name":"alter","label":"Alter"},
       {"name":"index","label":"Index"},
       {"name":"lock","label":"Lock"},
       {"name":"all","label":"All"}
     ]
   },

   "policies":[
     {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
      "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
      "policyItems":[
        {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
      ]
     }
     ,
     {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
      "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
      "policyItems":[
        {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
        ,
        {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
      ]
     }
     ,
     {"id":3,"name":"db=db1; table=tbl*; column=*","isEnabled":true,"isAuditEnabled":true,
      "resources":{"database":{"values":["db1"]},"table":{"values":["tbl*"]},"column":{"values":["*"]}},
      "policyItems":[
        {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
      ]
     }
     ,
     {"id":4,"name":"db=db1; table=tmp; column=tmp*","isEnabled":true,"isAuditEnabled":true,
       "resources":{"database":{"values":["db1"]},"table":{"values":["tmp"]},"column":{"values":["tmp*"], "isExcludes":true}},
       "policyItems":[
         {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
       ]
     }
   ],

   "tests":[
     {"name":"DENY 'select tmp_1 from db1.tmp ;' for user1",
       "request":{
         "resource":{"elements":{"database":"db1", "table":"tmp", "column":"tmp_1"}},
         "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select tmp_1 from db1.tmp for user1"
         ,"remoteIPAddress":"1.1.1.1","forwardedAddresses":["127.0.0.1","10.10.10.10"]
       },
       "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'select abc_1 from db1.tmp ;' for user1",
       "request":{
         "resource":{"elements":{"database":"db1", "table":"tmp", "column":"abc_1"}},
         "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select abc_1 from db1.tmp for user1"
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":4}
     }
   ,
     {"name":"ALLOW 'use default;' for user1",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'use default;' for user2",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'use default;' to user3",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'use default;' to group1",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'use default;' to group2",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'use default;' to user3/group3",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'use finance;' to user3/group3",
      "request":{
       "resource":{"elements":{"database":"finance"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
      },
      "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to user2",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'select col1 from default.testtable;' to user3",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to group1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to group2",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'select col1 from default.table1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
       "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'create table default.testtable1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'create table default.testtable1;' to user1/group1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'create table default.testtable1;' to admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
      ,
     {"name":"DENY 'drop table default.testtable1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'drop table default.testtable1;' to user1/group1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'drop table default.testtable1;' to admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'create table default.table1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'create table default.table1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'drop table default.table1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'drop table default.table1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'select col1 from default.table1;' to user3",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY '_any access to db1/table1' for user1: table-level mismatch",
      "request":{
       "resource":{"elements":{"database":"db1", "table":"table1"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"show columns in table1 from db1;"
      },
      "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY '_any access to db1/_/col1' for user1: table not specified but column was specified",
      "request":{
       "resource":{"elements":{"database":"db1", "column":"col1"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"fictional use case when request specified a lower level resource by skipping intermediate resource"
      },
      "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW '_any access to db1' for user1: match when request has less levels than policy",
      "request":{
       "resource":{"elements":{"database":"db1"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"use db1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":3}
     }
     ,
     {"name":"ALLOW '_any access to db1/table1' for user1: match when request has same levels as policy",
      "request":{
       "resource":{"elements":{"database":"db1", "table":"tbl1"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"describe db1.tbl1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":3}
     }
     ,
     {"name":"ALLOW '_any access to db1/tbl1/col1' for user1: match when request has more specific levels than policy",
      "request":{
       "resource":{"elements":{"database":"db1", "table":"tbl1", "column":"col1"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"fictional case: request for any match today happens only at a higher levels"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":3}
     }
   ]
 }
	{
	"serviceName":"hivedev",

	"serviceDef":{
	"name":"hive",
	"id":3,
	"resources":[
	{"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
	{"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
	{"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
	{"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
	],
	"accessTypes":[
	{"name":"select","label":"Select"},
	{"name":"update","label":"Update"},
	{"name":"create","label":"Create"},
	{"name":"drop","label":"Drop"},
	{"name":"alter","label":"Alter"},
	{"name":"index","label":"Index"},
	{"name":"lock","label":"Lock"},
	{"name":"all","label":"All"}
	]
	},

	"policies":[
	{"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":[""]},"column":{"values":[""]}},
	"policyItems":[
	{"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
	]
	}
	,
	{"id":2,"name":"db=default; table=test; column=","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":["test"]},"column":{"values":[""]}},
	"policyItems":[
	{"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
	,
	{"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
	]
	}
	,
	{"id":3,"name":"db=db1; table=tbl; column=","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["db1"]},"table":{"values":["tbl"]},"column":{"values":[""]}},
	"policyItems":[
	{"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
	]
	}
	,
	{"id":4,"name":"db=db1; table=tmp; column=tmp*","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["db1"]},"table":{"values":["tmp"]},"column":{"values":["tmp*"], "isExcludes":true}},
	"policyItems":[
	{"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
	]
	}
	],

	"tests":[
	{"name":"DENY 'select tmp_1 from db1.tmp ;' for user1",
	"request":{
	"resource":{"elements":{"database":"db1", "table":"tmp", "column":"tmp_1"}},
	"accessType":"select","user":"user1","userGroups":["users"],"requestData":"select tmp_1 from db1.tmp for user1"
	,"remoteIPAddress":"1.1.1.1","forwardedAddresses":["127.0.0.1","10.10.10.10"]
	},
	"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'select abc_1 from db1.tmp ;' for user1",
	"request":{
	"resource":{"elements":{"database":"db1", "table":"tmp", "column":"abc_1"}},
	"accessType":"select","user":"user1","userGroups":["users"],"requestData":"select abc_1 from db1.tmp for user1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":4}
	}
	,
	{"name":"ALLOW 'use default;' for user1",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'use default;' for user2",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'use default;' to user3",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'use default;' to group1",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'use default;' to group2",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'use default;' to user3/group3",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'use finance;' to user3/group3",
	"request":{
	"resource":{"elements":{"database":"finance"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
	},
	"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to user2",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'select col1 from default.testtable;' to user3",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to group1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to group2",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'select col1 from default.testtable;' to user3/group3",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'select col1 from default.table1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
	"accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'create table default.testtable1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'create table default.testtable1;' to user1/group1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'create table default.testtable1;' to admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'create table default.testtable1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'drop table default.testtable1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'drop table default.testtable1;' to user1/group1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'drop table default.testtable1;' to admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'create table default.table1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'create table default.table1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'drop table default.table1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'drop table default.table1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'select col1 from default.table1;' to user3",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY '_any access to db1/table1' for user1: table-level mismatch",
	"request":{
	"resource":{"elements":{"database":"db1", "table":"table1"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"show columns in table1 from db1;"
	},
	"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY '_any access to db1/_/col1' for user1: table not specified but column was specified",
	"request":{
	"resource":{"elements":{"database":"db1", "column":"col1"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"fictional use case when request specified a lower level resource by skipping intermediate resource"
	},
	"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW '_any access to db1' for user1: match when request has less levels than policy",
	"request":{
	"resource":{"elements":{"database":"db1"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"use db1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":3}
	}
	,
	{"name":"ALLOW '_any access to db1/table1' for user1: match when request has same levels as policy",
	"request":{
	"resource":{"elements":{"database":"db1", "table":"tbl1"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"describe db1.tbl1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":3}
	}
	,
	{"name":"ALLOW '_any access to db1/tbl1/col1' for user1: match when request has more specific levels than policy",
	"request":{
	"resource":{"elements":{"database":"db1", "table":"tbl1", "column":"col1"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"fictional case: request for any match today happens only at a higher levels"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":3}
	}
	]
	}