Google Git
Sign in
apache / ranger / b24b99b8853b70444fae795ce2a7366b6642eada / . / hive-agent / src / test / resources / hive-policies.json
blob: e51edc46ba322b23d129fbeea1195dee00c2066b [file] [log] [blame]
{
"serviceName": "cl1_hive",
"serviceId": 8,
"policyVersion": 19,
"policyUpdateTime": "20170221-13:11:59.000-+0000",
"policies": [
{
"service": "cl1_hive",
"name": "WordsPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
},
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"dave"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
},
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"jane"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 23,
"isEnabled": true,
"version": 3
},
{
"service": "cl1_hive",
"name": "AllPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "create",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
},
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"admin"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 24,
"isEnabled": true,
"version": 2
},
{
"service": "cl1_hive",
"name": "CountWordsPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"count"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [],
"groups": [
"IT"
],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 25,
"isEnabled": true,
"version": 1
},
{
"service": "cl1_hive",
"name": "TmpSelectPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*_tmp_*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
},
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [],
"groups": [
"IT"
],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 26,
"isEnabled": true,
"version": 2
},
{
"service": "cl1_hive",
"name": "DavePolicy",
"policyType": 2,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [
{
"rowFilterInfo": {
"filterExpr": "count \u003e\u003d \u002780\u0027"
},
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"dave"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"id": 27,
"isEnabled": true,
"version": 1
},
{
"service": "cl1_hive",
"name": "JanePolicy",
"policyType": 1,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"word"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [
{
"dataMaskInfo": {
"dataMaskType": "MASK_HASH",
"conditionExpr": "",
"valueExpr": ""
},
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"jane"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"rowFilterPolicyItems": [],
"id": 28,
"isEnabled": true,
"version": 2
},
{
"service": "cl1_hive",
"name": "Delagate admin-allowed on rangerauthzx",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthzx"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"da_test_user"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 8,
"isEnabled": true,
"version": 2
},
{
"service": "cl1_hive",
"name": " Test URI s3a://test/data read/write ",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"uri": {
"values": [
"s3a://test/data"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "create",
"isAllowed": true
},
{
"type": "read",
"isAllowed": true
},
{
"type": "write",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 9,
"isEnabled": true,
"version": 2
},
{
"service": "cl1_hive",
"name": "Tom - database: ALL, udf: ALL, permissions: ALL",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"udf": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
},
{
"type": "read",
"isAllowed": true
},
{
"type": "write",
"isAllowed": true
}
],
"users": [
"tom"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 9,
"isEnabled": true,
"version": 1
},
{
"service": "cl1_hive",
"name": "Tom - database: ALL, permissions: ALL",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"test1" , "tmp"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
},
{
"type": "read",
"isAllowed": true
},
{
"type": "write",
"isAllowed": true
}
],
"users": [
"tom"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 15,
"isEnabled": true,
"version": 2
},
{
"service": "HIVETest",
"name": "Test Admin permission REPL DUMP command",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "repladmin",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"da_test_user"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 16,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "Test KILL QUERY command",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"hiveservice": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "serviceadmin",
"isAllowed": true
}
],
"users": [
"da_test_user"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 16,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "Test Admin permission REPL DUMP command on table",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "repladmin",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"da_test_user"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 16,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "Create Temp UDF test",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"global": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "tempudfadmin",
"isAllowed": true
}
],
"users": [
"tom"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 17,
"isEnabled": true,
"version": 1
}
],
"serviceDef": {
"name": "hive",
"implClass": "org.apache.ranger.services.hive.RangerServiceHive",
"label": "Hive Server2",
"description": "Hive Server2",
"options": {},
"configs": [
{
"itemId": 1,
"name": "username",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Username"
},
{
"itemId": 2,
"name": "password",
"type": "password",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Password"
},
{
"itemId": 3,
"name": "jdbc.driverClassName",
"type": "string",
"mandatory": true,
"defaultValue": "org.apache.hive.jdbc.HiveDriver",
"validationRegEx": "",
"validationMessage": "",
"uiHint": ""
},
{
"itemId": 4,
"name": "jdbc.url",
"type": "string",
"mandatory": true,
"defaultValue": "",
"validationRegEx": "",
"validationMessage": "",
"uiHint": ""
},
{
"itemId": 5,
"name": "commonNameForCertificate",
"type": "string",
"mandatory": false,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Common Name for Certificate"
}
],
"resources": [
{
"itemId": 1,
"name": "database",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Database",
"description": "Hive Database"
},
{
"itemId": 2,
"name": "table",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Table",
"description": "Hive Table"
},
{
"itemId": 3,
"name": "udf",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive UDF",
"description": "Hive UDF"
},
{
"itemId": 4,
"name": "column",
"type": "string",
"level": 30,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Column",
"description": "Hive Column"
},
{
"itemId": 5,
"name": "url",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": false,
"recursiveSupported": true,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
"matcherOptions": { "wildCard":true, "ignoreCase":false },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
"label": "URL",
"description": "URL"
},
{
"itemId": 6,
"name": "hiveservice",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": false,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "false"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Service",
"description": "Hive Service",
"accessTypeRestrictions": [],
"isValidLeaf": true
},
{
"itemId": 7,
"name": "global",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": false,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "false"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Global",
"description": "Global",
"accessTypeRestrictions": [],
"isValidLeaf": true
}
],
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "select",
"impliedGrants": []
},
{
"itemId": 2,
"name": "update",
"label": "update",
"impliedGrants": []
},
{
"itemId": 3,
"name": "create",
"label": "Create",
"impliedGrants": []
},
{
"itemId": 4,
"name": "drop",
"label": "Drop",
"impliedGrants": []
},
{
"itemId": 5,
"name": "alter",
"label": "Alter",
"impliedGrants": []
},
{
"itemId": 6,
"name": "index",
"label": "Index",
"impliedGrants": []
},
{
"itemId": 7,
"name": "lock",
"label": "Lock",
"impliedGrants": []
},
{
"itemId": 8,
"name": "all",
"label": "All",
"impliedGrants": [
"select",
"update",
"create",
"drop",
"alter",
"index",
"lock",
"read",
"write",
"repladmin",
"serviceadmin",
"tempudfadmin"
]
},
{
"itemId": 9,
"name": "read",
"label": "Read",
"impliedGrants": []
},
{
"itemId": 10,
"name": "write",
"label": "Write",
"impliedGrants": []
},
{
"itemId": 11,
"name": "repladmin",
"label": "ReplAdmin",
"impliedGrants": []
},
{
"itemId": 12,
"name": "serviceadmin",
"label": "Service Admin",
"impliedGrants": []
},
{
"itemId": 13,
"name": "tempudfadmin",
"label": "Temporary UDF Admin",
"impliedGrants": []
}
],
"policyConditions": [],
"contextEnrichers": [],
"enums": [],
"dataMaskDef": {
"maskTypes": [
{
"itemId": 1,
"name": "MASK",
"label": "Redact",
"description": "Replace lowercase with \u0027x\u0027, uppercase with \u0027X\u0027, digits with \u00270\u0027",
"transformer": "mask({col})",
"dataMaskOptions": {}
},
{
"itemId": 2,
"name": "MASK_SHOW_LAST_4",
"label": "Partial mask: show last 4",
"description": "Show last 4 characters; replace rest with \u0027x\u0027",
"transformer": "mask_show_last_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
"dataMaskOptions": {}
},
{
"itemId": 3,
"name": "MASK_SHOW_FIRST_4",
"label": "Partial mask: show first 4",
"description": "Show first 4 characters; replace rest with \u0027x\u0027",
"transformer": "mask_show_first_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
"dataMaskOptions": {}
},
{
"itemId": 4,
"name": "MASK_HASH",
"label": "Hash",
"description": "Hash the value",
"transformer": "mask_hash({col})",
"dataMaskOptions": {}
},
{
"itemId": 5,
"name": "MASK_NULL",
"label": "Nullify",
"description": "Replace with NULL",
"dataMaskOptions": {}
},
{
"itemId": 6,
"name": "MASK_NONE",
"label": "Unmasked (retain original value)",
"description": "No masking",
"dataMaskOptions": {}
},
{
"itemId": 12,
"name": "MASK_DATE_SHOW_YEAR",
"label": "Date: show only year",
"description": "Date: show only year",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, 1, 0, -1)",
"dataMaskOptions": {}
},
{
"itemId": 13,
"name": "CUSTOM",
"label": "Custom",
"description": "Custom",
"dataMaskOptions": {}
}
],
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "select",
"impliedGrants": []
}
],
"resources": [
{
"itemId": 1,
"name": "database",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Database",
"description": "Hive Database"
},
{
"itemId": 2,
"name": "table",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Table",
"description": "Hive Table"
},
{
"itemId": 4,
"name": "column",
"type": "string",
"level": 30,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Column",
"description": "Hive Column"
}
]
},
"rowFilterDef": {
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "select",
"impliedGrants": []
}
],
"resources": [
{
"itemId": 1,
"name": "database",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Database",
"description": "Hive Database"
},
{
"itemId": 2,
"name": "table",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Table",
"description": "Hive Table"
}
]
},
"id": 3,
"guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
"isEnabled": true,
"createTime": "20170217-11:41:32.000-+0000",
"updateTime": "20170217-11:42:12.000-+0000",
"version": 2
},
"auditMode": "audit-default",
"tagPolicies": {
"serviceName": "KafkaTagService",
"serviceId": 5,
"policyVersion": 12,
"policyUpdateTime": "20170221-13:11:59.000-+0000",
"policies": [
{
"service": "KafkaTagService",
"name": "EXPIRES_ON",
"policyType": 0,
"description": "Policy for data with EXPIRES_ON tag",
"isAuditEnabled": true,
"resources": {
"tag": {
"values": [
"EXPIRES_ON"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [],
"denyPolicyItems": [
{
"accesses": [
{
"type": "hdfs:read",
"isAllowed": true
},
{
"type": "hdfs:write",
"isAllowed": true
},
{
"type": "hdfs:execute",
"isAllowed": true
},
{
"type": "hbase:read",
"isAllowed": true
},
{
"type": "hbase:write",
"isAllowed": true
},
{
"type": "hbase:create",
"isAllowed": true
},
{
"type": "hbase:admin",
"isAllowed": true
},
{
"type": "hive:select",
"isAllowed": true
},
{
"type": "hive:update",
"isAllowed": true
},
{
"type": "hive:create",
"isAllowed": true
},
{
"type": "hive:drop",
"isAllowed": true
},
{
"type": "hive:alter",
"isAllowed": true
},
{
"type": "hive:index",
"isAllowed": true
},
{
"type": "hive:lock",
"isAllowed": true
},
{
"type": "hive:all",
"isAllowed": true
},
{
"type": "yarn:submit-app",
"isAllowed": true
},
{
"type": "yarn:admin-queue",
"isAllowed": true
},
{
"type": "knox:allow",
"isAllowed": true
},
{
"type": "storm:submitTopology",
"isAllowed": true
},
{
"type": "storm:fileUpload",
"isAllowed": true
},
{
"type": "storm:fileDownload",
"isAllowed": true
},
{
"type": "storm:killTopology",
"isAllowed": true
},
{
"type": "storm:rebalance",
"isAllowed": true
},
{
"type": "storm:activate",
"isAllowed": true
},
{
"type": "storm:deactivate",
"isAllowed": true
},
{
"type": "storm:getTopologyConf",
"isAllowed": true
},
{
"type": "storm:getTopology",
"isAllowed": true
},
{
"type": "storm:getUserTopology",
"isAllowed": true
},
{
"type": "storm:getTopologyInfo",
"isAllowed": true
},
{
"type": "storm:uploadNewCredentials",
"isAllowed": true
},
{
"type": "kms:create",
"isAllowed": true
},
{
"type": "kms:delete",
"isAllowed": true
},
{
"type": "kms:rollover",
"isAllowed": true
},
{
"type": "kms:setkeymaterial",
"isAllowed": true
},
{
"type": "kms:get",
"isAllowed": true
},
{
"type": "kms:getkeys",
"isAllowed": true
},
{
"type": "kms:getmetadata",
"isAllowed": true
},
{
"type": "kms:generateeek",
"isAllowed": true
},
{
"type": "kms:decrypteek",
"isAllowed": true
},
{
"type": "solr:query",
"isAllowed": true
},
{
"type": "solr:update",
"isAllowed": true
},
{
"type": "solr:others",
"isAllowed": true
},
{
"type": "solr:solr_admin",
"isAllowed": true
},
{
"type": "kafka:publish",
"isAllowed": true
},
{
"type": "kafka:consume",
"isAllowed": true
},
{
"type": "kafka:configure",
"isAllowed": true
},
{
"type": "kafka:describe",
"isAllowed": true
},
{
"type": "kafka:create",
"isAllowed": true
},
{
"type": "kafka:delete",
"isAllowed": true
},
{
"type": "kafka:kafka_admin",
"isAllowed": true
},
{
"type": "atlas:read",
"isAllowed": true
},
{
"type": "atlas:create",
"isAllowed": true
},
{
"type": "atlas:update",
"isAllowed": true
},
{
"type": "atlas:delete",
"isAllowed": true
},
{
"type": "atlas:all",
"isAllowed": true
}
],
"users": [],
"groups": [
"public"
],
"conditions": [
{
"type": "accessed-after-expiry",
"values": [
"yes"
]
}
],
"delegateAdmin": false
}
],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 10,
"isEnabled": true,
"version": 1
},
{
"service": "KafkaTagService",
"name": "HiveTableTagPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"tag": {
"values": [
"HiveTableTag"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "hive:select",
"isAllowed": true
}
],
"users": [],
"groups": [
"dev"
],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 29,
"isEnabled": true,
"version": 1
},
{
"service": "KafkaTagService",
"name": "HiveDatabaseTagPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"tag": {
"values": [
"HiveDatabaseTag"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "hive:create",
"isAllowed": true
}
],
"users": [],
"groups": [
"dev"
],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 30,
"isEnabled": true,
"version": 1
},
{
"service": "KafkaTagService",
"name": "HiveColumnTagPolicy",
"policyType": 0,
"description": "",
"isAuditEnabled": true,
"resources": {
"tag": {
"values": [
"HiveColumnTag"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "hive:select",
"isAllowed": true
}
],
"users": [
"frank"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 31,
"isEnabled": true,
"version": 1
}
],
"serviceDef": {
"name": "tag",
"implClass": "org.apache.ranger.services.tag.RangerServiceTag",
"label": "TAG",
"description": "TAG Service Definition",
"options": {
"ui.pages": "tag-based-policies"
},
"configs": [],
"resources": [
{
"itemId": 1,
"name": "tag",
"type": "string",
"level": 1,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "false"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "TAG",
"description": "TAG"
}
],
"accessTypes": [
{
"itemId": 1002,
"name": "hdfs:read",
"label": "Read",
"impliedGrants": []
},
{
"itemId": 1003,
"name": "hdfs:write",
"label": "Write",
"impliedGrants": []
},
{
"itemId": 1004,
"name": "hdfs:execute",
"label": "Execute",
"impliedGrants": []
},
{
"itemId": 2003,
"name": "hbase:read",
"label": "Read",
"impliedGrants": []
},
{
"itemId": 2004,
"name": "hbase:write",
"label": "Write",
"impliedGrants": []
},
{
"itemId": 2005,
"name": "hbase:create",
"label": "Create",
"impliedGrants": []
},
{
"itemId": 2006,
"name": "hbase:admin",
"label": "Admin",
"impliedGrants": [
"hbase:read",
"hbase:write",
"hbase:create"
]
},
{
"itemId": 3004,
"name": "hive:select",
"label": "select",
"impliedGrants": []
},
{
"itemId": 3005,
"name": "hive:update",
"label": "update",
"impliedGrants": []
},
{
"itemId": 3006,
"name": "hive:create",
"label": "Create",
"impliedGrants": []
},
{
"itemId": 3007,
"name": "hive:drop",
"label": "Drop",
"impliedGrants": []
},
{
"itemId": 3008,
"name": "hive:alter",
"label": "Alter",
"impliedGrants": []
},
{
"itemId": 3009,
"name": "hive:index",
"label": "Index",
"impliedGrants": []
},
{
"itemId": 3010,
"name": "hive:lock",
"label": "Lock",
"impliedGrants": []
},
{
"itemId": 3011,
"name": "hive:all",
"label": "All",
"impliedGrants": [
"hive:select",
"hive:update",
"hive:create",
"hive:drop",
"hive:alter",
"hive:index",
"hive:lock"
]
},
{
"itemId": 4005,
"name": "yarn:submit-app",
"label": "submit-app",
"impliedGrants": []
},
{
"itemId": 4006,
"name": "yarn:admin-queue",
"label": "admin-queue",
"impliedGrants": [
"yarn:submit-app"
]
},
{
"itemId": 5006,
"name": "knox:allow",
"label": "Allow",
"impliedGrants": []
},
{
"itemId": 6007,
"name": "storm:submitTopology",
"label": "Submit Topology",
"impliedGrants": [
"storm:fileUpload",
"storm:fileDownload"
]
},
{
"itemId": 6008,
"name": "storm:fileUpload",
"label": "File Upload",
"impliedGrants": []
},
{
"itemId": 6011,
"name": "storm:fileDownload",
"label": "File Download",
"impliedGrants": []
},
{
"itemId": 6012,
"name": "storm:killTopology",
"label": "Kill Topology",
"impliedGrants": []
},
{
"itemId": 6013,
"name": "storm:rebalance",
"label": "Rebalance",
"impliedGrants": []
},
{
"itemId": 6014,
"name": "storm:activate",
"label": "Activate",
"impliedGrants": []
},
{
"itemId": 6015,
"name": "storm:deactivate",
"label": "Deactivate",
"impliedGrants": []
},
{
"itemId": 6016,
"name": "storm:getTopologyConf",
"label": "Get Topology Conf",
"impliedGrants": []
},
{
"itemId": 6017,
"name": "storm:getTopology",
"label": "Get Topology",
"impliedGrants": []
},
{
"itemId": 6018,
"name": "storm:getUserTopology",
"label": "Get User Topology",
"impliedGrants": []
},
{
"itemId": 6019,
"name": "storm:getTopologyInfo",
"label": "Get Topology Info",
"impliedGrants": []
},
{
"itemId": 6020,
"name": "storm:uploadNewCredentials",
"label": "Upload New Credential",
"impliedGrants": []
},
{
"itemId": 7008,
"name": "kms:create",
"label": "Create",
"impliedGrants": []
},
{
"itemId": 7009,
"name": "kms:delete",
"label": "Delete",
"impliedGrants": []
},
{
"itemId": 7010,
"name": "kms:rollover",
"label": "Rollover",
"impliedGrants": []
},
{
"itemId": 7011,
"name": "kms:setkeymaterial",
"label": "Set Key Material",
"impliedGrants": []
},
{
"itemId": 7012,
"name": "kms:get",
"label": "Get",
"impliedGrants": []
},
{
"itemId": 7013,
"name": "kms:getkeys",
"label": "Get Keys",
"impliedGrants": []
},
{
"itemId": 7014,
"name": "kms:getmetadata",
"label": "Get Metadata",
"impliedGrants": []
},
{
"itemId": 7015,
"name": "kms:generateeek",
"label": "Generate EEK",
"impliedGrants": []
},
{
"itemId": 7016,
"name": "kms:decrypteek",
"label": "Decrypt EEK",
"impliedGrants": []
},
{
"itemId": 8108,
"name": "solr:query",
"label": "Query",
"impliedGrants": []
},
{
"itemId": 8208,
"name": "solr:update",
"label": "Update",
"impliedGrants": []
},
{
"itemId": 8308,
"name": "solr:others",
"label": "Others",
"impliedGrants": []
},
{
"itemId": 8908,
"name": "solr:solr_admin",
"label": "Solr Admin",
"impliedGrants": [
"solr:query",
"solr:update",
"solr:others"
]
},
{
"itemId": 9010,
"name": "kafka:publish",
"label": "Publish",
"impliedGrants": [
"kafka:describe"
]
},
{
"itemId": 9011,
"name": "kafka:consume",
"label": "Consume",
"impliedGrants": [
"kafka:describe"
]
},
{
"itemId": 9014,
"name": "kafka:configure",
"label": "Configure",
"impliedGrants": [
"kafka:describe"
]
},
{
"itemId": 9015,
"name": "kafka:describe",
"label": "Describe",
"impliedGrants": []
},
{
"itemId": 9017,
"name": "kafka:create",
"label": "Create",
"impliedGrants": []
},
{
"itemId": 9018,
"name": "kafka:delete",
"label": "Delete",
"impliedGrants": []
},
{
"itemId": 9016,
"name": "kafka:kafka_admin",
"label": "Kafka Admin",
"impliedGrants": [
"kafka:publish",
"kafka:consume",
"kafka:configure",
"kafka:describe",
"kafka:create",
"kafka:delete"
]
},
{
"itemId": 11012,
"name": "atlas:read",
"label": "read",
"impliedGrants": []
},
{
"itemId": 11013,
"name": "atlas:create",
"label": "create",
"impliedGrants": []
},
{
"itemId": 11014,
"name": "atlas:update",
"label": "update",
"impliedGrants": []
},
{
"itemId": 11015,
"name": "atlas:delete",
"label": "delete",
"impliedGrants": []
},
{
"itemId": 11016,
"name": "atlas:all",
"label": "All",
"impliedGrants": [
"atlas:read",
"atlas:create",
"atlas:update",
"atlas:delete"
]
}
],
"policyConditions": [
{
"itemId": 1,
"name": "accessed-after-expiry",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
"evaluatorOptions": {
"scriptTemplate": "ctx.isAccessedAfter(\u0027expiry_date\u0027);"
},
"uiHint": "{ \"singleValue\":true }",
"label": "Accessed after expiry_date (yes/no)?",
"description": "Accessed after expiry_date? (yes/no)"
}
],
"contextEnrichers": [
{
"itemId": 1,
"name": "TagEnricher",
"enricher": "org.apache.ranger.plugin.contextenricher.RangerTagEnricher",
"enricherOptions": {
"tagRetrieverClassName": "org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever",
"tagRefresherPollingInterval": "60000"
}
}
],
"enums": [],
"dataMaskDef": {
"maskTypes": [],
"accessTypes": [],
"resources": []
},
"rowFilterDef": {
"accessTypes": [],
"resources": []
},
"id": 100,
"guid": "0d047248-baff-4cf9-8e9e-d5d377284b2e",
"isEnabled": true,
"createTime": "20170217-11:41:33.000-+0000",
"updateTime": "20170217-11:41:35.000-+0000",
"version": 11
},
"auditMode": "audit-default"
}
}