| { |
| "serviceName":"hivedev", |
| |
| "serviceDef":{ |
| "name":"hive", |
| "id":3, |
| "resources":[ |
| {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"}, |
| {"name":"url","level":1,"mandatory":true,"lookupSupported":false,"recursiveSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerURLResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"URL","description":"URL"}, |
| {"name":"hiveservice","level":1,"mandatory":true,"lookupSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HiveService","description":"HiveService"}, |
| {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"}, |
| {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"}, |
| {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"} |
| ], |
| "accessTypes":[ |
| {"name":"select","label":"Select"}, |
| {"name":"update","label":"Update"}, |
| {"name":"create","label":"Create"}, |
| {"name":"drop","label":"Drop"}, |
| {"name":"alter","label":"Alter"}, |
| {"name":"index","label":"Index"}, |
| {"name":"lock","label":"Lock"}, |
| {"name":"read","label":"Read"}, |
| {"name":"write","label":"Write"}, |
| {"name":"repladmin","label":"ReplAdmin"}, |
| {"name":"serviceadmin","label":"ServiceAdmin"}, |
| {"name":"all","label":"All", |
| "impliedGrants": [ |
| "select", |
| "update", |
| "create", |
| "drop", |
| "alter", |
| "index", |
| "lock", |
| "read", |
| "write", |
| "repladmin", |
| "serviceadmin" |
| ] |
| } |
| ] |
| }, |
| |
| "policies":[ |
| {"id":200,"name":"url=s3a://qe-s3-bucket-mst/test_abcd/abcd; s3a://qe-s3-bucket-mst/demo/*: URL-access-policy","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"url":{"values": ["s3a://qe-s3-bucket-mst/test_abcd/abcd", "s3a://qe-s3-bucket-mst/demo"], "isRecursive":true}}, |
| "policyItems":[ |
| {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false} |
| , |
| {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true} |
| ] |
| } |
| , |
| {"id":3,"name":"db=db1; table=tbl*; column=*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["db1"]},"table":{"values":["tbl*"]},"column":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":4,"name":"db=db1; table=tmp; column=tmp*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["db1"]},"table":{"values":["tmp"]},"column":{"values":["tmp*"], "isExcludes":true}}, |
| "policyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":5,"name":"hiveservice=*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"hiveservice":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"serviceadmin","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":6,"name":"db=demo1,demo2","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["demo1", "demo2"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":7,"name":"db=demo1; table=demo1_tbl1,demo1_tbl2; column=*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["demo1"]},"table":{"values":["demo1_tbl1", "demo1_tbl2"]},"column":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"create","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false} |
| ] |
| }, |
| {"id":8,"name":"db=dummy; table=*; column=*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["dummy"]},"table":{"values":["*"]},"column":{"values":["*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"create","isAllowed":true},{"type":"update","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["user1","user2"],"groups":[],"delegateAdmin":false} |
| ], |
| "allowExceptions":[ |
| {"accesses":[{"type":"create","isAllowed":true}, {"type":"update","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}, |
| {"accesses":[{"type":"create","isAllowed":true}, {"type":"update","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":9,"name":"db=db1","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["db1"]}}, |
| "isDenyAllElse": true, |
| "policyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user3","user4"],"groups":["group1","group2"],"delegateAdmin":false} |
| ] |
| }, |
| {"id":201,"name":"url=http://qe-s3-bucket-mst/test_abcd/abcd/ URL-access-policy","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"url":{"values": ["http://qe-s3-bucket-mst/test_abcd/abcd/"], "isRecursive":true}}, |
| "policyItems":[ |
| {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false} |
| ] |
| }, |
| {"id":1001,"name":"db=org; table=employee; column=*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"database":{"values":["org"]},"table":{"values":["employee"]},"column":{"values":["*"], "isExcludes":false}}, |
| "policyItems":[ |
| {"accesses":[{"type":"select","isAllowed":true}, {"type":"create","isAllowed":true}, {"type":"read","isAllowed":true}],"users":["john"],"groups":[],"delegateAdmin":false} |
| ] |
| } |
| ], |
| |
| "tests":[ |
| {"name":"DENY 'create or write for org;' for john", |
| "request":{ |
| "resource":{"elements":{"database":"org"}}, |
| "accessType":"create","user":"john","userGroups":[],"requestData":"create org", |
| "context": {"ISANYACCESS":true, "ACCESSTYPES": [ "create", "write" ]} |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'create and write for org;' for john", |
| "request":{ |
| "resource":{"elements":{"database":"org"}}, |
| "accessType":"create","user":"john","userGroups":[],"requestData":"create org", |
| "context": {"ISANYACCESS":false, "ACCESSTYPES": [ "create", "write" ]} |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'any' for org;' for john", |
| "request":{ |
| "resource":{"elements":{"database":"org"}}, |
| "accessType":"","user":"john","userGroups":[],"requestData":"'any' access for org" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":1001} |
| } |
| , |
| {"name":"ALLOW 'read http://qe-s3-bucket-mst/test_abcd/abcd;' for user1", |
| "request":{ |
| "resource":{"elements":{"url":["http://qe-s3-bucket-mst/test_abcd/abcd", "http://qe-s3-bucket-mst/test_abcd/abcd/"]}}, |
| "accessType":"read","user":"user1","userGroups":["users"],"requestData":"read http://qe-s3-bucket-mst/test_abcd/abcd for user1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":201} |
| } |
| , |
| {"name":"ALLOW '_any access to no-database' for user5: match when request has less levels than policy", |
| "request":{ |
| "resource":{"elements":{}}, |
| "accessType":"","user":"user5","userGroups":["users"],"requestData":"show databases" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":200} |
| } |
| , |
| {"name":"ALLOW '_any access to db1' for user5: match when request has less levels than policy", |
| "request":{ |
| "resource":{"elements":{"database":"db1"}}, |
| "accessType":"","user":"user5","userGroups":["users"],"requestData":"use db1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":9} |
| } |
| , |
| {"name":"DENY '_any access to db1' for user5: match when request has less levels than policy", |
| "request":{ |
| "resource":{"elements":{"database":"db1"}}, |
| "accessType":"","user":"user5","userGroups":["users"],"requestData":"use db1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":9} |
| } |
| , |
| {"name":"ALLOW 'any dummy/*/*;' for user1", |
| "request":{ |
| "resource":{"elements":{"database":"dummy", "table": "dummy", "column": "dummy"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"any dummy/dummy/dummy for user1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":8} |
| } |
| , |
| {"name":"DENY 'any dummy/*/*;' for user2", |
| "request":{ |
| "resource":{"elements":{"database":"dummy", "table": "dummy", "column": "dummy"}}, |
| "accessType":"","user":"user2","userGroups":["users"],"requestData":"any dummy/dummy/dummy for user2" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'read s3a://qe-s3-bucket-mst/demo;' for user1", |
| "request":{ |
| "resource":{"elements":{"url":"s3a://qe-s3-bucket-mst/demo"}}, |
| "accessType":"read","user":"user1","userGroups":["users"],"requestData":"read s3a://qe-s3-bucket-mst/demo for user1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":200} |
| } |
| , |
| {"name":"ALLOW 'read s3a://qe-s3-bucket-mst/test_abcd/abcd;' for user1", |
| "request":{ |
| "resource":{"elements":{"url":"s3a://qe-s3-bucket-mst/test_abcd/abcd"}}, |
| "accessType":"read","user":"user1","userGroups":["users"],"requestData":"read s3a://qe-s3-bucket-mst/test_abcd/abcd for user1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":200} |
| } |
| , |
| {"name":"ALLOW 'read s3a://qe-s3-bucket-mst/test_abcd/abcd/non-existent;' for user1", |
| "request":{ |
| "resource":{"elements":{"url":"s3a://qe-s3-bucket-mst/test_abcd/abcd/non-existent"}}, |
| "accessType":"read","user":"user1","userGroups":["users"],"requestData":"read s3a://qe-s3-bucket-mst/test_abcd/abcd/non-existent for user1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":200} |
| } |
| , |
| {"name":"DENY 'select tmp_1 from db1.tmp ;' for user1", |
| "request":{ |
| "resource":{"elements":{"database":"db1", "table":"tmp", "column":"tmp_1"}}, |
| "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select tmp_1 from db1.tmp for user1" |
| ,"remoteIPAddress":"1.1.1.1","forwardedAddresses":["127.0.0.1","10.10.10.10"] |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'select abc_1 from db1.tmp ;' for user1", |
| "request":{ |
| "resource":{"elements":{"database":"db1", "table":"tmp", "column":"abc_1"}}, |
| "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select abc_1 from db1.tmp for user1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":4} |
| } |
| , |
| {"name":"ALLOW 'use default;' for user1", |
| "request":{ |
| "resource":{"elements":{"database":"default"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"use default" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'use default;' for user2", |
| "request":{ |
| "resource":{"elements":{"database":"default"}}, |
| "accessType":"","user":"user2","userGroups":["users"],"requestData":"use default" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'use default;' to user3", |
| "request":{ |
| "resource":{"elements":{"database":"default"}}, |
| "accessType":"","user":"user3","userGroups":["users"],"requestData":"use default" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'use default;' to group1", |
| "request":{ |
| "resource":{"elements":{"database":"default"}}, |
| "accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'use default;' to group2", |
| "request":{ |
| "resource":{"elements":{"database":"default"}}, |
| "accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'use default;' to user3/group3", |
| "request":{ |
| "resource":{"elements":{"database":"default"}}, |
| "accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'use finance;' to user3/group3", |
| "request":{ |
| "resource":{"elements":{"database":"finance"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance" |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'select col1 from default.testtable;' to user1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}}, |
| "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'select col1 from default.testtable;' to user2", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}}, |
| "accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'select col1 from default.testtable;' to user3", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}}, |
| "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'select col1 from default.testtable;' to group1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}}, |
| "accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'select col1 from default.testtable;' to group2", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}}, |
| "accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'select col1 from default.testtable;' to user3/group3", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}}, |
| "accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'select col1 from default.table1;' to user1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"table1","column":"col1"}}, |
| "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'create table default.testtable1;' to user1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'create table default.testtable1;' to user1/group1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'create table default.testtable1;' to admin", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'create table default.testtable1;' to user1/admin", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'drop table default.testtable1;' to user1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'drop table default.testtable1;' to user1/group1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'drop table default.testtable1;' to admin", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'drop table default.testtable1;' to user1/admin", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"testtable1"}}, |
| "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'create table default.table1;' to user1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"table1"}}, |
| "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'create table default.table1;' to user1/admin", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"table1"}}, |
| "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'drop table default.table1;' to user1", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"table1"}}, |
| "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'drop table default.table1;' to user1/admin", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"table1"}}, |
| "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'select col1 from default.table1;' to user3", |
| "request":{ |
| "resource":{"elements":{"database":"default","table":"table1","column":"col1"}}, |
| "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY '_any access to db1/table1' for user1: table-level mismatch", |
| "request":{ |
| "resource":{"elements":{"database":"db1", "table":"table1"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"show columns in table1 from db1;" |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY '_any access to db1/_/col1' for user1: table not specified but column was specified", |
| "request":{ |
| "resource":{"elements":{"database":"db1", "column":"col1"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"fictional use case when request specified a lower level resource by skipping intermediate resource" |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW '_any access to db1' for user1: match when request has less levels than policy", |
| "request":{ |
| "resource":{"elements":{"database":"db1"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"use db1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":3} |
| } |
| , |
| {"name":"ALLOW '_any access to db1/tbl1' for user1: match when request has same levels as policy", |
| "request":{ |
| "resource":{"elements":{"database":"db1", "table":"tbl1"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"describe db1.tbl1" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":3} |
| } |
| , |
| {"name":"ALLOW '_any access to db1/tbl1/col1' for user1: match when request has more specific levels than policy", |
| "request":{ |
| "resource":{"elements":{"database":"db1", "table":"tbl1", "column":"col1"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"fictional case: request for any match today happens only at a higher levels" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":3} |
| } |
| , |
| {"name":"ALLOW 'kill_query' for user1 on any cluster", |
| "request":{ |
| "resource":{"elements":{"hiveservice":"testcluster"}}, |
| "accessType":"serviceadmin","user":"user1","userGroups":["users"],"requestData":"kill query 'dummyqueryid'" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":5} |
| } |
| , |
| {"name":"ALLOW '_any access to demo1/demo_tbl1' for user1: show table test", |
| "request":{ |
| "resource":{"elements":{"database":"demo1", "table":"demo1_tbl1"}}, |
| "accessType":"","user":"user1","userGroups":["users"],"requestData":"show tables" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":7} |
| } |
| ] |
| } |
| |
