| { |
| "serviceId": 4, |
| "serviceName": "dev_hive", |
| "serviceDef": { |
| "id": 3, |
| "isEnabled": true, |
| "name": "hive", |
| "displayName": "Hadoop SQL", |
| "implClass": "org.apache.ranger.services.hive.RangerServiceHive", |
| "label": "Hive Server2", |
| "description": "Hive Server2", |
| "options": { "enableDenyAndExceptionsInPolicies": "true" }, |
| "configs": [ |
| { "itemId": 1, "name": "username", "type": "string", "mandatory": true }, |
| { "itemId": 2, "name": "password", "type": "password", "mandatory": true }, |
| { "itemId": 3, "name": "jdbc.driverClassName", "type": "string", "mandatory": true, "defaultValue": "org.apache.hive.jdbc.HiveDriver" }, |
| { "itemId": 4, "name": "jdbc.url", "type": "string", "mandatory": true }, |
| { "itemId": 5, "name": "commonNameForCertificate", "type": "string", "mandatory": false }, |
| { "itemId": 6, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]" } |
| ], |
| "resources": [ |
| { "itemId": 1, "name": "database", "type": "string", "level": 10, "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "true" }, "label": "Hive Database", "description": "Hive Database", "accessTypeRestrictions": [], "isValidLeaf": true }, |
| { "itemId": 2, "name": "table", "type": "string", "level": 20, "parent": "database", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "true" }, "label": "Hive Table", "description": "Hive Table", "accessTypeRestrictions": [], "isValidLeaf": true }, |
| { "itemId": 3, "name": "udf", "type": "string", "level": 20, "parent": "database", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "true" }, "label": "Hive UDF", "description": "Hive UDF", "accessTypeRestrictions": [], "isValidLeaf": true }, |
| { "itemId": 4, "name": "column", "type": "string", "level": 30, "parent": "table", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "true" }, "label": "Hive Column", "description": "Hive Column", "accessTypeRestrictions": [], "isValidLeaf": true }, |
| { "itemId": 5, "name": "url", "type": "string", "level": 10, "mandatory": true, "lookupSupported": false, "recursiveSupported": true, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerURLResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "false" }, "label": "URL", "description": "URL", "accessTypeRestrictions": [], "isValidLeaf": true }, |
| { "itemId": 6, "name": "hiveservice", "type": "string", "level": 10, "mandatory": true, "lookupSupported": false, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "false" }, "label": "Hive Service", "description": "Hive Service", "accessTypeRestrictions": [], "isValidLeaf": true }, |
| { "itemId": 7, "name": "global", "type": "string", "level": 10, "mandatory": false, "lookupSupported": false, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "true", "ignoreCase": "false" }, "label": "Global", "description": "Global", "accessTypeRestrictions": [], "isValidLeaf": true } |
| ], |
| "accessTypes": [ |
| { "itemId": 1, "name": "select", "label": "select" }, |
| { "itemId": 2, "name": "update", "label": "update" }, |
| { "itemId": 3, "name": "create", "label": "Create" }, |
| { "itemId": 4, "name": "drop", "label": "Drop" }, |
| { "itemId": 5, "name": "alter", "label": "Alter" }, |
| { "itemId": 6, "name": "index", "label": "Index" }, |
| { "itemId": 7, "name": "lock", "label": "Lock" }, |
| { "itemId": 8, "name": "all", "label": "All", "impliedGrants": [ "select", "update", "create", "drop", "alter", "index", "lock", "read", "write", "repladmin", "serviceadmin", "refresh" ] }, |
| { "itemId": 9, "name": "read", "label": "Read" }, |
| { "itemId": 10, "name": "write", "label": "Write" }, |
| { "itemId": 11, "name": "repladmin", "label": "ReplAdmin" }, |
| { "itemId": 12, "name": "serviceadmin", "label": "Service Admin" }, |
| { "itemId": 13, "name": "tempudfadmin", "label": "Temporary UDF Admin" }, |
| { "itemId": 14, "name": "refresh", "label": "Refresh" } |
| ], |
| "policyConditions": [], |
| "contextEnrichers": [], |
| "enums": [], |
| "dataMaskDef": { |
| "maskTypes": [ |
| { "itemId": 1, "name": "MASK", "label": "Redact", "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'", "transformer": "mask({col})", "dataMaskOptions": {} }, |
| { "itemId": 2, "name": "MASK_SHOW_LAST_4", "label": "Partial mask: show last 4", "description": "Show last 4 characters; replace rest with 'x'", "transformer": "mask_show_last_n({col}, 4, 'x', 'x', 'x', -1, '1')", "dataMaskOptions": {} }, |
| { "itemId": 3, "name": "MASK_SHOW_FIRST_4", "label": "Partial mask: show first 4", "description": "Show first 4 characters; replace rest with 'x'", "transformer": "mask_show_first_n({col}, 4, 'x', 'x', 'x', -1, '1')", "dataMaskOptions": {} }, |
| { "itemId": 4, "name": "MASK_HASH", "label": "Hash", "description": "Hash the value", "transformer": "mask_hash({col})", "dataMaskOptions": {} }, |
| { "itemId": 5, "name": "MASK_NULL", "label": "Nullify", "description": "Replace with NULL", "dataMaskOptions": {} }, |
| { "itemId": 6, "name": "MASK_NONE", "label": "Unmasked (retain original value)", "description": "No masking", "dataMaskOptions": {} }, |
| { "itemId": 12, "name": "MASK_DATE_SHOW_YEAR", "label": "Date: show only year", "description": "Date: show only year", "transformer": "mask({col}, 'x', 'x', 'x', -1, '1', 1, 0, -1)", "dataMaskOptions": {} }, |
| { "itemId": 13, "name": "CUSTOM", "label": "Custom", "description": "Custom", "dataMaskOptions": {} } |
| ], |
| "accessTypes": [ |
| { "itemId": 1, "name": "select", "label": "select" } |
| ], |
| "resources": [ |
| { "itemId": 1, "name": "database", "type": "string", "level": 10, "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }", "label": "Hive Database", "description": "Hive Database", "accessTypeRestrictions": [], "isValidLeaf": false }, |
| { "itemId": 2, "name": "table", "type": "string", "level": 20, "parent": "database", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }", "label": "Hive Table", "description": "Hive Table", "accessTypeRestrictions": [], "isValidLeaf": false }, |
| { "itemId": 4, "name": "column", "type": "string", "level": 30, "parent": "table", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }", "label": "Hive Column", "description": "Hive Column", "accessTypeRestrictions": [], "isValidLeaf": true |
| } |
| ] |
| }, |
| "rowFilterDef": { |
| "accessTypes": [ { "itemId": 1, "name": "select", "label": "select" } ], |
| "resources": [ |
| { "itemId": 1, "name": "database", "type": "string", "level": 10, "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }", "label": "Hive Database", "description": "Hive Database", "accessTypeRestrictions": [], "isValidLeaf": false }, |
| { "itemId": 2, "name": "table", "type": "string", "level": 20, "parent": "database", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }", "label": "Hive Table", "description": "Hive Table", "accessTypeRestrictions": [], "isValidLeaf": true } |
| ] |
| }, |
| "markerAccessTypes": [ |
| { "itemId": 20, "name": "_ALL", "label": "_ALL", "impliedGrants": [ "drop", "all", "select", "read", "update", "index", "refresh", "tempudfadmin", "serviceadmin", "create", "lock", "repladmin", "write", "alter" ] } |
| ] |
| }, |
| "policies": [], |
| "auditMode": "audit-default", |
| "tagPolicies": { |
| "serviceId": 2, |
| "serviceName": "dev_tag", |
| "policies": [], |
| "serviceDef": { |
| "id": 100, |
| "name": "tag", |
| "isEnabled": true, |
| "implClass": "org.apache.ranger.services.tag.RangerServiceTag", |
| "options": { "enableDenyAndExceptionsInPolicies": "true", "ui.pages": "tag-based-policies" }, |
| "configs": [ |
| { "itemId": 1, "name": "ranger.plugin.audit.filters", "type": "string", "level": 1, "mandatory": false, "label": "Ranger Default Audit Filters" } |
| ], |
| "resources": [ |
| { "itemId": 1, "name": "tag", "type": "string", "level": 1, "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": "false", "ignoreCase": "false" }, "uiHint": "{ \"singleValue\":true }", "label": "TAG", "description": "TAG", "isValidLeaf": true } |
| ], |
| "accessTypes": [ |
| { "itemId": 14015, "name": "sqoop:READ", "label": "READ" }, |
| { "itemId": 14016, "name": "sqoop:WRITE", "label": "WRITE" }, |
| { "itemId": 12013, "name": "kylin:QUERY", "label": "QUERY" }, |
| { "itemId": 12014, "name": "kylin:OPERATION", "label": "OPERATION" }, |
| { "itemId": 12015, "name": "kylin:MANAGEMENT", "label": "MANAGEMENT" }, |
| { "itemId": 12016, "name": "kylin:ADMIN", "label": "ADMIN" }, |
| { "itemId": 16017, "name": "elasticsearch:all", "label": "all", "impliedGrants": [ "elasticsearch:read", "elasticsearch:read_cross_cluster", "elasticsearch:index", "elasticsearch:create", "elasticsearch:delete", "elasticsearch:write", "elasticsearch:delete_index", "elasticsearch:create_index", "elasticsearch:indices_put", "elasticsearch:indices_search_shards", "elasticsearch:indices_bulk", "elasticsearch:monitor", "elasticsearch:indices_index", "elasticsearch:manage", "elasticsearch:view_index_metadata" ] }, |
| { "itemId": 16018, "name": "elasticsearch:monitor", "label": "monitor" }, |
| { "itemId": 16019, "name": "elasticsearch:manage", "label": "manage", "impliedGrants": [ "elasticsearch:monitor" ] }, |
| { "itemId": 16020, "name": "elasticsearch:view_index_metadata", "label": "view_index_metadata", "impliedGrants": [ "elasticsearch:indices_search_shards" ] }, |
| { "itemId": 16021, "name": "elasticsearch:read", "label": "read" }, |
| { "itemId": 16022, "name": "elasticsearch:read_cross_cluster", "label": "read_cross_cluster", "impliedGrants": [ "elasticsearch:indices_search_shards" ] }, |
| { "itemId": 16023, "name": "elasticsearch:index", "label": "index", "impliedGrants": [ "elasticsearch:indices_put", "elasticsearch:indices_bulk", "elasticsearch:indices_index" ] }, |
| { "itemId": 16024, "name": "elasticsearch:create", "label": "create", "impliedGrants": [ "elasticsearch:indices_put", "elasticsearch:indices_bulk", "elasticsearch:indices_index" ] }, |
| { "itemId": 16025, "name": "elasticsearch:delete", "label": "delete", "impliedGrants": [ "elasticsearch:indices_bulk" ] }, |
| { "itemId": 16026, "name": "elasticsearch:write", "label": "write", "impliedGrants": [ "elasticsearch:indices_put" ] }, |
| { "itemId": 16027, "name": "elasticsearch:delete_index", "label": "delete_index" }, |
| { "itemId": 16028, "name": "elasticsearch:create_index", "label": "create_index" }, |
| { "itemId": 203204, "name": "trino:select", "label": "Select" }, |
| { "itemId": 203205, "name": "trino:insert", "label": "Insert" }, |
| { "itemId": 203206, "name": "trino:create", "label": "Create" }, |
| { "itemId": 203207, "name": "trino:drop", "label": "Drop" }, |
| { "itemId": 203208, "name": "trino:delete", "label": "Delete" }, |
| { "itemId": 203209, "name": "trino:use", "label": "Use" }, |
| { "itemId": 203210, "name": "trino:alter", "label": "Alter" }, |
| { "itemId": 203211, "name": "trino:grant", "label": "Grant" }, |
| { "itemId": 203212, "name": "trino:revoke", "label": "Revoke" }, |
| { "itemId": 203213, "name": "trino:show", "label": "Show" }, |
| { "itemId": 203214, "name": "trino:impersonate", "label": "Impersonate" }, |
| { "itemId": 203215, "name": "trino:all", "label": "All", "impliedGrants": [ "trino:execute", "trino:delete", "trino:drop", "trino:create", "trino:insert", "trino:select", "trino:revoke", "trino:impersonate", "trino:show", "trino:use", "trino:alter", "trino:grant" ] }, |
| { "itemId": 203216, "name": "trino:execute", "label": "execute" }, |
| { "itemId": 17018, "name": "presto:select", "label": "Select" }, |
| { "itemId": 17019, "name": "presto:insert", "label": "Insert" }, |
| { "itemId": 17020, "name": "presto:create", "label": "Create" }, |
| { "itemId": 17021, "name": "presto:drop", "label": "Drop" }, |
| { "itemId": 17022, "name": "presto:delete", "label": "Delete" }, |
| { "itemId": 17023, "name": "presto:use", "label": "Use" }, |
| { "itemId": 17024, "name": "presto:alter", "label": "Alter" }, |
| { "itemId": 17025, "name": "presto:grant", "label": "Grant" }, |
| { "itemId": 17026, "name": "presto:revoke", "label": "Revoke" }, |
| { "itemId": 17027, "name": "presto:show", "label": "Show" }, |
| { "itemId": 17028, "name": "presto:impersonate", "label": "Impersonate" }, |
| { "itemId": 17029, "name": "presto:all", "label": "All", "impliedGrants": [ "presto:use", "presto:alter", "presto:execute", "presto:impersonate", "presto:show", "presto:revoke", "presto:grant", "presto:select", "presto:insert", "presto:create", "presto:delete", "presto:drop" ] }, |
| { "itemId": 17030, "name": "presto:execute", "label": "execute" }, |
| { "itemId": 201209, "name": "ozone:all", "label": "All", "impliedGrants": [ "ozone:create", "ozone:read", "ozone:write", "ozone:list", "ozone:delete", "ozone:read_acl", "ozone:write_acl" ] }, |
| { "itemId": 201202, "name": "ozone:read", "label": "Read" }, |
| { "itemId": 201203, "name": "ozone:write", "label": "Write" }, |
| { "itemId": 201204, "name": "ozone:create", "label": "Create" }, |
| { "itemId": 201205, "name": "ozone:list", "label": "List" }, |
| { "itemId": 201206, "name": "ozone:delete", "label": "Delete" }, |
| { "itemId": 201207, "name": "ozone:read_acl", "label": "Read_ACL" }, |
| { "itemId": 201208, "name": "ozone:write_acl", "label": "Write_ACL" }, |
| { "itemId": 105106, "name": "kudu:select", "label": "SELECT", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105107, "name": "kudu:insert", "label": "INSERT", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105108, "name": "kudu:update", "label": "UPDATE", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105109, "name": "kudu:delete", "label": "DELETE", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105110, "name": "kudu:alter", "label": "ALTER", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105111, "name": "kudu:create", "label": "CREATE", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105112, "name": "kudu:drop", "label": "DROP", "impliedGrants": [ "kudu:metadata" ] }, |
| { "itemId": 105113, "name": "kudu:metadata", "label": "METADATA" }, |
| { "itemId": 105114, "name": "kudu:all", "label": "ALL", "impliedGrants": [ "kudu:insert", "kudu:update", "kudu:delete", "kudu:alter", "kudu:create", "kudu:drop", "kudu:metadata", "kudu:select" ] }, |
| { "itemId": 205206, "name": "nestedstructure:read", "label": "Read" }, |
| { "itemId": 205207, "name": "nestedstructure:write", "label": "Write" }, |
| { "itemId": 1002, "name": "hdfs:read", "label": "Read" }, |
| { "itemId": 1003, "name": "hdfs:write", "label": "Write" }, |
| { "itemId": 1004, "name": "hdfs:execute", "label": "Execute" }, |
| { "itemId": 2003, "name": "hbase:read", "label": "Read" }, |
| { "itemId": 2004, "name": "hbase:write", "label": "Write" }, |
| { "itemId": 2005, "name": "hbase:create", "label": "Create" }, |
| { "itemId": 2006, "name": "hbase:admin", "label": "Admin", "impliedGrants": [ "hbase:write", "hbase:create", "hbase:read" ] }, |
| { "itemId": 2007, "name": "hbase:execute", "label": "Execute" }, |
| { "itemId": 3004, "name": "hive:select", "label": "select" }, |
| { "itemId": 3005, "name": "hive:update", "label": "update" }, |
| { "itemId": 3006, "name": "hive:create", "label": "Create" }, |
| { "itemId": 3007, "name": "hive:drop", "label": "Drop" }, |
| { "itemId": 3008, "name": "hive:alter", "label": "Alter" }, |
| { "itemId": 3009, "name": "hive:index", "label": "Index" }, |
| { "itemId": 3010, "name": "hive:lock", "label": "Lock" }, |
| { "itemId": 3011, "name": "hive:all", "label": "All", "impliedGrants": [ "hive:read", "hive:select", "hive:update", "hive:create", "hive:drop", "hive:alter", "hive:index", "hive:lock", "hive:write", "hive:repladmin", "hive:serviceadmin", "hive:refresh" ] }, |
| { "itemId": 3012, "name": "hive:read", "label": "Read" }, |
| { "itemId": 3013, "name": "hive:write", "label": "Write" }, |
| { "itemId": 3014, "name": "hive:repladmin", "label": "ReplAdmin" }, |
| { "itemId": 3015, "name": "hive:serviceadmin", "label": "Service Admin" }, |
| { "itemId": 3016, "name": "hive:tempudfadmin", "label": "Temporary UDF Admin" }, |
| { "itemId": 3017, "name": "hive:refresh", "label": "Refresh" }, |
| { "itemId": 7008, "name": "kms:create", "label": "Create" }, |
| { "itemId": 7009, "name": "kms:delete", "label": "Delete" }, |
| { "itemId": 7010, "name": "kms:rollover", "label": "Rollover" }, |
| { "itemId": 7011, "name": "kms:setkeymaterial", "label": "Set Key Material" }, |
| { "itemId": 7012, "name": "kms:get", "label": "Get" }, |
| { "itemId": 7013, "name": "kms:getkeys", "label": "Get Keys" }, |
| { "itemId": 7014, "name": "kms:getmetadata", "label": "Get Metadata" }, |
| { "itemId": 7015, "name": "kms:generateeek", "label": "Generate EEK" }, |
| { "itemId": 7016, "name": "kms:decrypteek", "label": "Decrypt EEK" }, |
| { "itemId": 5006, "name": "knox:allow", "label": "Allow" }, |
| { "itemId": 6007, "name": "storm:submitTopology", "label": "Submit Topology", "impliedGrants": [ "storm:fileUpload", "storm:fileDownload" ] }, |
| { "itemId": 6008, "name": "storm:fileUpload", "label": "File Upload" }, |
| { "itemId": 6011, "name": "storm:fileDownload", "label": "File Download" }, |
| { "itemId": 6012, "name": "storm:killTopology", "label": "Kill Topology" }, |
| { "itemId": 6013, "name": "storm:rebalance", "label": "Rebalance" }, |
| { "itemId": 6014, "name": "storm:activate", "label": "Activate" }, |
| { "itemId": 6015, "name": "storm:deactivate", "label": "Deactivate" }, |
| { "itemId": 6016, "name": "storm:getTopologyConf", "label": "Get Topology Conf" }, |
| { "itemId": 6017, "name": "storm:getTopology", "label": "Get Topology" }, |
| { "itemId": 6018, "name": "storm:getUserTopology", "label": "Get User Topology" }, |
| { "itemId": 6019, "name": "storm:getTopologyInfo", "label": "Get Topology Info" }, |
| { "itemId": 6020, "name": "storm:uploadNewCredentials", "label": "Upload New Credential" }, |
| { "itemId": 4005, "name": "yarn:submit-app", "label": "submit-app" }, |
| { "itemId": 4006, "name": "yarn:admin-queue", "label": "admin-queue", "impliedGrants": [ "yarn:submit-app" ] }, |
| { "itemId": 9010, "name": "kafka:publish", "label": "Publish", "impliedGrants": [ "kafka:describe" ] }, |
| { "itemId": 9011, "name": "kafka:consume", "label": "Consume", "impliedGrants": [ "kafka:describe" ] }, |
| { "itemId": 9014, "name": "kafka:configure", "label": "Configure", "impliedGrants": [ "kafka:describe" ] }, |
| { "itemId": 9015, "name": "kafka:describe", "label": "Describe" }, |
| { "itemId": 9016, "name": "kafka:kafka_admin", "label": "Kafka Admin", "impliedGrants": [ "kafka:consume", "kafka:configure", "kafka:alter_configs", "kafka:describe_configs", "kafka:create", "kafka:describe", "kafka:alter", "kafka:idempotent_write", "kafka:cluster_action", "kafka:delete", "kafka:publish" ] }, |
| { "itemId": 9017, "name": "kafka:create", "label": "Create" }, |
| { "itemId": 9018, "name": "kafka:delete", "label": "Delete", "impliedGrants": [ "kafka:describe" ] }, |
| { "itemId": 9019, "name": "kafka:idempotent_write", "label": "Idempotent Write" }, |
| { "itemId": 9020, "name": "kafka:describe_configs", "label": "Describe Configs" }, |
| { "itemId": 9021, "name": "kafka:alter_configs", "label": "Alter Configs", "impliedGrants": [ "kafka:describe_configs" ] }, |
| { "itemId": 9022, "name": "kafka:cluster_action", "label": "Cluster Action" }, |
| { "itemId": 9023, "name": "kafka:alter", "label": "Alter" }, |
| { "itemId": 8108, "name": "solr:query", "label": "Query" }, |
| { "itemId": 8208, "name": "solr:update", "label": "Update" }, |
| { "itemId": 202203, "name": "schema-registry:create", "label": "Create" }, |
| { "itemId": 202204, "name": "schema-registry:read", "label": "Read" }, |
| { "itemId": 202205, "name": "schema-registry:update", "label": "Update" }, |
| { "itemId": 202206, "name": "schema-registry:delete", "label": "Delete" }, |
| { "itemId": 10110, "name": "nifi:READ", "label": "Read" }, |
| { "itemId": 10210, "name": "nifi:WRITE", "label": "Write" }, |
| { "itemId": 13113, "name": "nifi-registry:READ", "label": "Read" }, |
| { "itemId": 13213, "name": "nifi-registry:WRITE", "label": "Write" }, |
| { "itemId": 13313, "name": "nifi-registry:DELETE", "label": "Delete" }, |
| { "itemId": 15016, "name": "atlas:type-create", "label": "Create Type", "impliedGrants": [ "atlas:type-read" ] }, |
| { "itemId": 15017, "name": "atlas:type-update", "label": "Update Type", "impliedGrants": [ "atlas:type-read" ] }, |
| { "itemId": 15018, "name": "atlas:type-delete", "label": "Delete Type", "impliedGrants": [ "atlas:type-read" ] }, |
| { "itemId": 15019, "name": "atlas:entity-read", "label": "Read Entity" }, |
| { "itemId": 15020, "name": "atlas:entity-create", "label": "Create Entity" }, |
| { "itemId": 15021, "name": "atlas:entity-update", "label": "Update Entity" }, |
| { "itemId": 15022, "name": "atlas:entity-delete", "label": "Delete Entity" }, |
| { "itemId": 15023, "name": "atlas:entity-add-classification", "label": "Add Classification" }, |
| { "itemId": 15024, "name": "atlas:entity-update-classification", "label": "Update Classification" }, |
| { "itemId": 15025, "name": "atlas:entity-remove-classification", "label": "Remove Classification" }, |
| { "itemId": 15026, "name": "atlas:admin-export", "label": "Admin Export" }, |
| { "itemId": 15027, "name": "atlas:admin-import", "label": "Admin Import" }, |
| { "itemId": 15028, "name": "atlas:add-relationship", "label": "Add Relationship" }, |
| { "itemId": 15029, "name": "atlas:update-relationship", "label": "Update Relationship" }, |
| { "itemId": 15030, "name": "atlas:remove-relationship", "label": "Remove Relationship" }, |
| { "itemId": 15031, "name": "atlas:admin-purge", "label": "Admin Purge" }, |
| { "itemId": 15032, "name": "atlas:entity-add-label", "label": "Add Label" }, |
| { "itemId": 15033, "name": "atlas:entity-remove-label", "label": "Remove Label" }, |
| { "itemId": 15034, "name": "atlas:entity-update-business-metadata", "label": "Update Business Metadata" }, |
| { "itemId": 15035, "name": "atlas:type-read", "label": "Read Type" }, |
| { "itemId": 15036, "name": "atlas:admin-audits", "label": "Admin Audits" } |
| ], |
| "policyConditions": [], |
| "contextEnrichers": [], |
| "dataMaskDef": { |
| "maskTypes": [ |
| { "itemId": 203204, "name": "trino:MASK", "label": "Redact", "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'", "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})" |
| }, |
| { "itemId": 203205, "name": "trino:MASK_SHOW_LAST_4", "label": "Partial mask: show last 4", "description": "Show last 4 characters; replace rest with 'X'", "transformer": "cast(regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || x[2]) as {type})" }, |
| { "itemId": 203206, "name": "trino:MASK_SHOW_FIRST_4", "label": "Partial mask: show first 4", "description": "Show first 4 characters; replace rest with 'x'", "transformer": "cast(regexp_replace({col}, '(^.{4})(.*)', x -> x[1] || regexp_replace(x[2], '.', 'X')) as {type})" }, |
| { "itemId": 203207, "name": "trino:MASK_HASH", "label": "Hash", "description": "Hash the value of a varchar with sha256", "transformer": "cast(to_hex(sha256(to_utf8({col}))) as {type})" }, |
| { "itemId": 203208, "name": "trino:MASK_NULL", "label": "Nullify", "description": "Replace with NULL" }, |
| { "itemId": 203209, "name": "trino:MASK_NONE", "label": "Unmasked (retain original value)", "description": "No masking" }, |
| { "itemId": 203215, "name": "trino:MASK_DATE_SHOW_YEAR", "label": "Date: show only year", "description": "Date: show only year", "transformer": "date_trunc('year', {col})" }, |
| { "itemId": 203216, "name": "trino:CUSTOM", "label": "Custom", "description": "Custom" }, |
| { "itemId": 17018, "name": "presto:MASK", "label": "Redact", "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'", "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})" }, |
| { "itemId": 17019, "name": "presto:MASK_SHOW_LAST_4", "label": "Partial mask: show last 4", "description": "Show last 4 characters; replace rest with 'X'", "transformer": "cast(regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || x[2]) as {type})" }, |
| { "itemId": 17020, "name": "presto:MASK_SHOW_FIRST_4", "label": "Partial mask: show first 4", "description": "Show first 4 characters; replace rest with 'x'", "transformer": "cast(regexp_replace({col}, '(^.{4})(.*)', x -> x[1] || regexp_replace(x[2], '.', 'X')) as {type})" }, |
| { "itemId": 17021, "name": "presto:MASK_HASH", "label": "Hash", "description": "Hash the value of a varchar with sha256", "transformer": "cast(to_hex(sha256(to_utf8({col}))) as {type})" }, |
| { "itemId": 17022, "name": "presto:MASK_NULL", "label": "Nullify", "description": "Replace with NULL" }, |
| { "itemId": 17023, "name": "presto:MASK_NONE", "label": "Unmasked (retain original value)", "description": "No masking" }, |
| { "itemId": 17029, "name": "presto:MASK_DATE_SHOW_YEAR", "label": "Date: show only year", "description": "Date: show only year", "transformer": "date_trunc('year', {col})" }, |
| { "itemId": 17030, "name": "presto:CUSTOM", "label": "Custom", "description": "Custom" }, |
| { "itemId": 205206, "name": "nestedstructure:MASK", "label": "Redact", "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'", "transformer": "mask({field})" }, |
| { "itemId": 205207, "name": "nestedstructure:MASK_SHOW_LAST_4", "label": "Partial mask: show last 4", "description": "Show last 4 characters; replace rest with 'x'", "transformer": "mask_show_last_n({field}, 4, 'x', 'x', 'x', -1, '1')" }, |
| { "itemId": 205208, "name": "nestedstructure:MASK_SHOW_FIRST_4", "label": "Partial mask: show first 4", "description": "Show first 4 characters; replace rest with 'x'", "transformer": "mask_show_first_n({field}, 4, 'x', 'x', 'x', -1, '1')" }, |
| { "itemId": 205209, "name": "nestedstructure:MASK_HASH", "label": "Hash", "description": "Hash the value", "transformer": "mask_hash({field})" }, |
| { "itemId": 205210, "name": "nestedstructure:MASK_NULL", "label": "Nullify", "description": "Replace with NULL" }, |
| { "itemId": 205211, "name": "nestedstructure:MASK_NONE", "label": "Unmasked (retain original value)", "description": "No masking" }, |
| { "itemId": 205217, "name": "nestedstructure:MASK_DATE_SHOW_YEAR", "label": "Date: show only year", "description": "Date: show only year", "transformer": "mask({field}, 'x', 'x', 'x', -1, '1', 1, 0, -1)" }, |
| { "itemId": 205218, "name": "nestedstructure:CUSTOM", "label": "Custom", "description": "Custom" }, |
| { "itemId": 3004, "name": "hive:MASK", "label": "Redact", "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'", "transformer": "mask({col})" }, |
| { "itemId": 3005, "name": "hive:MASK_SHOW_LAST_4", "label": "Partial mask: show last 4", "description": "Show last 4 characters; replace rest with 'x'", "transformer": "mask_show_last_n({col}, 4, 'x', 'x', 'x', -1, '1')" }, |
| { "itemId": 3006, "name": "hive:MASK_SHOW_FIRST_4", "label": "Partial mask: show first 4", "description": "Show first 4 characters; replace rest with 'x'", "transformer": "mask_show_first_n({col}, 4, 'x', 'x', 'x', -1, '1')" }, |
| { "itemId": 3007, "name": "hive:MASK_HASH", "label": "Hash", "description": "Hash the value", "transformer": "mask_hash({col})" }, |
| { "itemId": 3008, "name": "hive:MASK_NULL", "label": "Nullify", "description": "Replace with NULL" }, |
| { "itemId": 3009, "name": "hive:MASK_NONE", "label": "Unmasked (retain original value)", "description": "No masking" }, |
| { "itemId": 3015, "name": "hive:MASK_DATE_SHOW_YEAR", "label": "Date: show only year", "description": "Date: show only year", "transformer": "mask({col}, 'x', 'x', 'x', -1, '1', 1, 0, -1)" }, |
| { "itemId": 3016, "name": "hive:CUSTOM", "label": "Custom", "description": "Custom" } |
| ], |
| "accessTypes": [ |
| { "itemId": 203204, "name": "trino:select", "label": "Select" }, |
| { "itemId": 17018, "name": "presto:select", "label": "Select" }, |
| { "itemId": 205206, "name": "nestedstructure:read", "label": "Read" }, |
| { "itemId": 3004, "name": "hive:select", "label": "select" } |
| ], |
| "resources": [ |
| { "itemId": 1, "name": "tag", "type": "string", "level": 1, "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "__isValidLeaf": "true", "wildCard": "false", "__accessTypeRestrictions": "[]", "ignoreCase": "false" }, "uiHint": "{ \"singleValue\":true }", "label": "TAG", "description": "TAG", "isValidLeaf": true } |
| ] |
| }, |
| "rowFilterDef": {}, |
| "markerAccessTypes": [ |
| { |
| "itemId": 205213, |
| "name": "_ALL", |
| "label": "_ALL", |
| "impliedGrants": [ |
| "ozone:write_acl", |
| "kms:get", |
| "atlas:type-delete", |
| "atlas:entity-create", |
| "hbase:execute", |
| "storm:fileDownload", |
| "kms:getkeys", |
| "storm:getTopologyConf", |
| "ozone:create", |
| "hive:tempudfadmin", |
| "kafka:idempotent_write", |
| "hive:write", |
| "trino:use", |
| "trino:grant", |
| "hdfs:execute", |
| "elasticsearch:indices_index", |
| "atlas:admin-export", |
| "kafka:configure", |
| "atlas:entity-read", |
| "presto:alter", |
| "atlas:entity-update-classification", |
| "trino:select", |
| "presto:execute", |
| "kafka:describe", |
| "atlas:admin-purge", |
| "kafka:consume", |
| "trino:delete", |
| "atlas:add-relationship", |
| "elasticsearch:indices_bulk", |
| "trino:drop", |
| "kudu:select", |
| "presto:use", |
| "hive:serviceadmin", |
| "elasticsearch:create_index", |
| "hive:index", |
| "nestedstructure:read", |
| "kms:setkeymaterial", |
| "kylin:OPERATION", |
| "schema-registry:create", |
| "presto:impersonate", |
| "storm:deactivate", |
| "elasticsearch:index", |
| "kafka:alter", |
| "atlas:entity-add-classification", |
| "atlas:entity-remove-classification", |
| "atlas:entity-add-label", |
| "schema-registry:update", |
| "kafka:kafka_admin", |
| "presto:drop", |
| "hive:refresh", |
| "atlas:entity-delete", |
| "presto:all", |
| "atlas:entity-update", |
| "elasticsearch:monitor", |
| "trino:insert", |
| "kudu:update", |
| "schema-registry:read", |
| "atlas:admin-audits", |
| "elasticsearch:delete_index", |
| "presto:show", |
| "ozone:write", |
| "hive:read", |
| "ozone:all", |
| "atlas:entity-remove-label", |
| "trino:all", |
| "presto:grant", |
| "kms:rollover", |
| "elasticsearch:view_index_metadata", |
| "presto:create", |
| "kafka:publish", |
| "kafka:create", |
| "trino:execute", |
| "hive:all", |
| "kms:delete", |
| "kylin:ADMIN", |
| "atlas:remove-relationship", |
| "kylin:MANAGEMENT", |
| "storm:killTopology", |
| "elasticsearch:indices_put", |
| "kudu:create", |
| "hive:update", |
| "sqoop:READ", |
| "presto:delete", |
| "atlas:entity-update-business-metadata", |
| "yarn:submit-app", |
| "solr:update", |
| "trino:create", |
| "hdfs:read", |
| "elasticsearch:write", |
| "hive:alter", |
| "kafka:alter_configs", |
| "storm:getUserTopology", |
| "storm:uploadNewCredentials", |
| "presto:insert", |
| "atlas:type-update", |
| "storm:submitTopology", |
| "storm:activate", |
| "kms:generateeek", |
| "kafka:cluster_action", |
| "trino:impersonate", |
| "hdfs:write", |
| "hbase:admin", |
| "elasticsearch:create", |
| "atlas:admin-import", |
| "kms:decrypteek", |
| "solr:query", |
| "atlas:type-create", |
| "kudu:all", |
| "nifi:WRITE", |
| "sqoop:WRITE", |
| "storm:getTopologyInfo", |
| "storm:getTopology", |
| "hbase:read", |
| "kms:getmetadata", |
| "storm:fileUpload", |
| "trino:alter", |
| "hive:drop", |
| "hive:create", |
| "yarn:admin-queue", |
| "kafka:describe_configs", |
| "ozone:delete", |
| "nifi-registry:READ", |
| "hive:repladmin", |
| "kudu:metadata", |
| "schema-registry:delete", |
| "nifi-registry:DELETE", |
| "kms:create", |
| "ozone:read", |
| "trino:show", |
| "ozone:read_acl", |
| "nifi:READ", |
| "hive:select", |
| "kudu:delete", |
| "atlas:type-read", |
| "kafka:delete", |
| "kylin:QUERY", |
| "elasticsearch:indices_search_shards", |
| "elasticsearch:read_cross_cluster", |
| "elasticsearch:manage", |
| "presto:select", |
| "ozone:list", |
| "nestedstructure:write", |
| "atlas:update-relationship", |
| "trino:revoke", |
| "nifi-registry:WRITE", |
| "storm:rebalance", |
| "hive:lock", |
| "presto:revoke", |
| "knox:allow", |
| "hbase:create", |
| "elasticsearch:delete", |
| "kudu:drop", |
| "hbase:write", |
| "elasticsearch:read", |
| "kudu:alter", |
| "kudu:insert", |
| "elasticsearch:all" |
| ] |
| } |
| ] |
| }, |
| "auditMode": "audit-default", |
| "serviceConfig": { |
| "ranger.plugin.audit.filters": "[ {'accessResult': 'DENIED', 'isAudited': true} ]" |
| } |
| }, |
| "serviceConfig": { |
| "ranger.plugin.audit.filters": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]" |
| } |
| } |