| { |
| "serviceName":"hivedev", |
| |
| "serviceDef":{ |
| "name":"hive", |
| "id":3, |
| "resources":[ |
| {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"}, |
| {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"}, |
| {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"}, |
| {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"} |
| ], |
| "accessTypes":[ |
| {"name":"select","label":"Select"}, |
| {"name":"update","label":"Update"}, |
| {"name":"create","label":"Create"}, |
| {"name":"drop","label":"Drop"}, |
| {"name":"alter","label":"Alter"}, |
| {"name":"index","label":"Index"}, |
| {"name":"lock","label":"Lock"}, |
| {"name":"all","label":"All", |
| "impliedGrants": [ |
| "select", |
| "update", |
| "create", |
| "drop", |
| "alter", |
| "index", |
| "lock" |
| ] |
| } |
| ], |
| "dataMaskDef": { |
| "maskTypes": [ |
| { |
| "itemId": 1, |
| "name": "MASK", |
| "label": "Mask", |
| "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'" |
| }, |
| { |
| "itemId": 2, |
| "name": "SHUFFLE", |
| "label": "Shuffle", |
| "description": "Randomly shuffle the contents" |
| }, |
| { |
| "itemId": 10, |
| "name": "NULL", |
| "label": "NULL", |
| "description": "Replace with NULL" |
| } |
| |
| ], |
| "accessTypes":[ |
| {"name":"select","label":"Select"} |
| ], |
| "resources":[ |
| {"name":"database","matcherOptions":{"wildCard":false}}, |
| {"name":"table","matcherOptions":{"wildCard":false}}, |
| {"name":"column","matcherOptions":{"wildCard":false}} |
| ] |
| }, |
| "rowFilterDef": { |
| "accessTypes":[ |
| {"name":"select","label":"Select"} |
| ], |
| "resources":[ |
| {"name":"database","matcherOptions":{"wildCard":false}}, |
| {"name":"table","matcherOptions":{"wildCard":false}} |
| ] |
| } |
| }, |
| |
| "policies":[ |
| {"id":1,"name":"db=*: audit-all-access","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["*"]},"table":{"values":["*"]},"column":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"all","isAllowed":true}],"users":["hive", "user1", "user2"],"groups":["public"],"delegateAdmin":false} |
| ] |
| }, |
| {"id":101,"name":"db=employee, table=personal, column=ssn: mask ssn column","isEnabled":true,"isAuditEnabled":true,"policyType":1, |
| "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]},"column":{"values":["ssn"]}}, |
| "dataMaskPolicyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false, |
| "dataMaskInfo": {"dataMaskType":"MASK"} |
| }, |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false, |
| "dataMaskInfo": {"dataMaskType":"SHUFFLE"} |
| } |
| ] |
| }, |
| {"id":102,"name":"db=hr, table=employee, column=date_of_birth: mask date_of_birth column","isEnabled":true,"isAuditEnabled":true,"policyType":1, |
| "resources":{"database":{"values":["hr"]},"table":{"values":["employee"]},"column":{"values":["date_of_birth"]}}, |
| "dataMaskPolicyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false, |
| "dataMaskInfo": {"dataMaskType":"MASK"} |
| }, |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false, |
| "dataMaskInfo": {"dataMaskType":"SHUFFLE"} |
| } |
| ] |
| }, |
| {"id":201,"name":"db=employee, table=personal","isEnabled":true,"isAuditEnabled":true,"policyType":2, |
| "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]}}, |
| "rowFilterPolicyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false, |
| "rowFilterInfo": {"filterExpr":"location='US'"} |
| }, |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false, |
| "rowFilterInfo": {"filterExpr":"location='CA'"} |
| } |
| ] |
| }, |
| {"id":202,"name":"db=hr, table=employee","isEnabled":true,"isAuditEnabled":true,"policyType":2, |
| "resources":{"database":{"values":["hr"]},"table":{"values":["employee"]}}, |
| "rowFilterPolicyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false, |
| "rowFilterInfo": {"filterExpr":"dept='production'"} |
| }, |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false, |
| "rowFilterInfo": {"filterExpr":"dept='purchase'"} |
| } |
| ] |
| } |
| ], |
| |
| "tests":[ |
| {"name":"'select ssn from employee.personal;' for user1 - maskType=MASK", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, |
| "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1" |
| }, |
| "dataMaskResult":{"additionalInfo": {"maskType":"MASK","maskCondition":null,"maskValue":null},"policyId":101} |
| }, |
| {"name":"'select ssn from employee.personal;' for user2 - maskType=SHUFFLE", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, |
| "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null},"policyId":101} |
| }, |
| {"name":"'select ssn from employee.personal;' for user3 - no-mask", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, |
| "accessType":"select","user":"user3","userGroups":[],"requestData":"select ssn from employee.personal;' for user3" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":null,"maskCondition":null,"maskValue":null},"policyId":-1} |
| }, |
| {"name":"'select name from employee.personal;' for user1 - no-mask", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal", "column":"name"}}, |
| "accessType":"select","user":"user1","userGroups":[],"requestData":"select name from employee.personal;' for user1" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":null,"maskCondition":null,"maskValue":null},"policyId":-1} |
| }, |
| {"name":"'select date_of_birth from hr.employee;' for user1 - maskType=MASK", |
| "request":{ |
| "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth"}}, |
| "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user1" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":"MASK","maskCondition":null,"maskValue":null},"policyId":102} |
| }, |
| {"name":"'select date_of_birth from hr.employee;' for user2 - maskType=SHUFFLE", |
| "request":{ |
| "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth"}}, |
| "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr.employee2;' for user2" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null},"policyId":102} |
| }, |
| {"name":"'select date_of_birth1 from hr.employee;' for user1 - no-mask", |
| "request":{ |
| "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth1"}}, |
| "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth1 from hr.employee;' for user1" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":null,"maskCondition":null,"maskValue":null},"policyId":-1} |
| }, |
| {"name":"'select date_of_birth from hr2.employee2;' for user2 - no-mask", |
| "request":{ |
| "resource":{"elements":{"database":"hr2", "table":"employee2", "column":"date_of_birth"}}, |
| "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr2.employee2;' for user2" |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":null,"maskCondition":null,"maskValue":null},"policyId":-1} |
| }, |
| {"name":"'select ssn from employee.personal;' for user1 - filterExpr=location='US'", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal"}}, |
| "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":"location='US'"},"policyId":201} |
| }, |
| {"name":"'select ssn from employee.personal;' for user2 - filterExpr=location='CA'", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal"}}, |
| "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":"location='CA'"},"policyId":201} |
| }, |
| {"name":"'select ssn from employee.personal;' for user3 - no-filter", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal"}}, |
| "accessType":"select","user":"user3","userGroups":[],"requestData":"select ssn from employee.personal;' for user3" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":null},"policyId":-1} |
| }, |
| {"name":"'select name from employee.personal;' for group3 - no-filter", |
| "request":{ |
| "resource":{"elements":{"database":"employee", "table":"personal"}}, |
| "accessType":"select","user":"user5","userGroups":["group3"],"requestData":"select name from employee.personal;' for user5/group3" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":null},"policyId":-1} |
| }, |
| {"name":"'select date_of_birth from hr.employee;' for user1 - filterExpr=dept='production'", |
| "request":{ |
| "resource":{"elements":{"database":"hr", "table":"employee"}}, |
| "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user1" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":"dept='production'"},"policyId":202} |
| }, |
| {"name":"'select date_of_birth from hr.employee;' for user2 - filterExpr=dept='purchase'", |
| "request":{ |
| "resource":{"elements":{"database":"hr", "table":"employee"}}, |
| "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr.employee2;' for user2" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":"dept='purchase'"},"policyId":202} |
| }, |
| {"name":"'select date_of_birth from hr.employee;' for user3 - no-filter", |
| "request":{ |
| "resource":{"elements":{"database":"hr", "table":"employee"}}, |
| "accessType":"select","user":"user3","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user3" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":null},"policyId":-1} |
| }, |
| {"name":"'select date_of_birth from hr2.employee2;' for user2 - no-mask", |
| "request":{ |
| "resource":{"elements":{"database":"hr2", "table":"employee2"}}, |
| "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr2.employee2;' for user2" |
| }, |
| "rowFilterResult":{"additionalInfo":{"filterExpr":null},"policyId":-1} |
| } |
| ] |
| } |
| |
