Google Git
Sign in
apache / ranger / refs/heads/ranger-0.7 / . / hive-agent / src / test / resources / hive-policies.json
blob: 7b65d69e5fbd35a5af0dbe689f8f93da36d475b4 [file] [log] [blame]
{
"serviceName": "HIVETest",
"serviceId": 2,
"policyVersion": 11,
"policyUpdateTime": "20160915-12:47:25.000-+0100",
"policies": [
{
"service": "HIVETest",
"name": "all - database, table, column",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"admin"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
},
{
"accesses": [
{
"type": "create",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 8,
"isEnabled": true,
"version": 2
},
{
"service": "HIVETest",
"name": "Delagate admin-allowed on rangerauthzx",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthzx"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"da_test_user"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 8,
"isEnabled": true,
"version": 2
}
,
{
"service": "HIVETest",
"name": "all - database, udf",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"udf": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
},
{
"type": "create",
"isAllowed": true
},
{
"type": "drop",
"isAllowed": true
},
{
"type": "alter",
"isAllowed": true
},
{
"type": "index",
"isAllowed": true
},
{
"type": "lock",
"isAllowed": true
},
{
"type": "all",
"isAllowed": true
}
],
"users": [
"admin"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 9,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "SelectUpdateAllWords",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
},
{
"type": "update",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
},
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"dave",
"jane"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 10,
"isEnabled": true,
"version": 3
},
{
"service": "HIVETest",
"name": "SelectCountWords",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"count"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [],
"groups": [
"IT"
],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 11,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "TmpUpdatePolicy",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"*_tmp_*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [
"IT"
],
"conditions": [],
"delegateAdmin": false
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 12,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "DaveFilter",
"policyType": 2,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [
{
"rowFilterInfo": {
"filterExpr": "count \u003e\u003d \u002780\u0027"
},
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"dave"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"id": 13,
"isEnabled": true,
"version": 1
},
{
"service": "HIVETest",
"name": "JaneWordMask",
"policyType": 1,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"rangerauthz"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"word"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"words"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [
{
"dataMaskInfo": {
"dataMaskType": "MASK_HASH"
},
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"jane"
],
"groups": [],
"conditions": [],
"delegateAdmin": false
}
],
"rowFilterPolicyItems": [],
"id": 14,
"isEnabled": true,
"version": 1
},
{
"service": "cl1_hive",
"name": " Test URI s3a://test/data read/write ",
"policyType": 0,
"isAuditEnabled": true,
"resources": {
"uri": {
"values": [
"s3a://test/data"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "create",
"isAllowed": true
},
{
"type": "read",
"isAllowed": true
},
{
"type": "write",
"isAllowed": true
}
],
"users": [
"bob"
],
"groups": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"id": 9,
"isEnabled": true,
"version": 2
}
],
"serviceDef": {
"name": "hive",
"implClass": "org.apache.ranger.services.hive.RangerServiceHive",
"label": "Hive Server2",
"description": "Hive Server2",
"options": {},
"configs": [
{
"itemId": 1,
"name": "username",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Username"
},
{
"itemId": 2,
"name": "password",
"type": "password",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Password"
},
{
"itemId": 3,
"name": "jdbc.driverClassName",
"type": "string",
"mandatory": true,
"defaultValue": "org.apache.hive.jdbc.HiveDriver",
"validationRegEx": "",
"validationMessage": "",
"uiHint": ""
},
{
"itemId": 4,
"name": "jdbc.url",
"type": "string",
"mandatory": true,
"defaultValue": "",
"validationRegEx": "",
"validationMessage": "",
"uiHint": ""
},
{
"itemId": 5,
"name": "commonNameForCertificate",
"type": "string",
"mandatory": false,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Common Name for Certificate"
}
],
"resources": [
{
"itemId": 1,
"name": "database",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Database",
"description": "Hive Database"
},
{
"itemId": 2,
"name": "table",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Table",
"description": "Hive Table"
},
{
"itemId": 3,
"name": "udf",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive UDF",
"description": "Hive UDF"
},
{
"itemId": 4,
"name": "column",
"type": "string",
"level": 30,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "true",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Hive Column",
"description": "Hive Column"
},
{
"itemId": 5,
"name": "url",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": false,
"recursiveSupported": true,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
"matcherOptions": { "wildCard":true, "ignoreCase":false },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
"label": "URL",
"description": "URL"
}
],
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "select",
"impliedGrants": []
},
{
"itemId": 2,
"name": "update",
"label": "update",
"impliedGrants": []
},
{
"itemId": 3,
"name": "create",
"label": "Create",
"impliedGrants": []
},
{
"itemId": 4,
"name": "drop",
"label": "Drop",
"impliedGrants": []
},
{
"itemId": 5,
"name": "alter",
"label": "Alter",
"impliedGrants": []
},
{
"itemId": 6,
"name": "index",
"label": "Index",
"impliedGrants": []
},
{
"itemId": 7,
"name": "lock",
"label": "Lock",
"impliedGrants": []
},
{
"itemId": 8,
"name": "all",
"label": "All",
"impliedGrants": [
"select",
"update",
"create",
"drop",
"alter",
"index",
"lock"
]
},
{
"itemId": 9,
"name": "read",
"label": "Read",
"impliedGrants": []
},
{
"itemId": 10,
"name": "write",
"label": "Write",
"impliedGrants": []
}
],
"policyConditions": [],
"contextEnrichers": [],
"enums": [],
"dataMaskDef": {
"maskTypes": [
{
"itemId": 1,
"name": "MASK",
"label": "Mask",
"description": "Replace lowercase with \u0027x\u0027, uppercase with \u0027X\u0027, digits with \u00270\u0027",
"transformer": "mask({col})",
"dataMaskOptions": {}
},
{
"itemId": 2,
"name": "MASK_SHOW_LAST_4",
"label": "Partial mask: show last 4",
"description": "Show last 4 characters; replace rest with \u0027x\u0027",
"transformer": "mask_show_last_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
"dataMaskOptions": {}
},
{
"itemId": 3,
"name": "MASK_SHOW_FIRST_4",
"label": "Partial mask: show first 4",
"description": "Show first 4 characters; replace rest with \u0027x\u0027",
"transformer": "mask_show_first_n({col}, 4, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027)",
"dataMaskOptions": {}
},
{
"itemId": 4,
"name": "MASK_HASH",
"label": "Hash",
"description": "Hash the value",
"transformer": "mask_hash({col})",
"dataMaskOptions": {}
},
{
"itemId": 5,
"name": "MASK_NULL",
"label": "NULL",
"description": "Replace with NULL",
"dataMaskOptions": {}
},
{
"itemId": 6,
"name": "MASK_NONE",
"label": "No masking",
"description": "No masking",
"dataMaskOptions": {}
},
{
"itemId": 7,
"name": "MASK_DATE_DAY",
"label": "Date: mask day",
"description": "Date: mask day",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, 1, -1, -1)",
"dataMaskOptions": {}
},
{
"itemId": 8,
"name": "MASK_DATE_MONTH",
"label": "Date: mask month",
"description": "Date: mask month",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, -1, 0, -1)",
"dataMaskOptions": {}
},
{
"itemId": 9,
"name": "MASK_DATE_YEAR",
"label": "Date: mask year",
"description": "Date: mask year",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, -1, -1, 0)",
"dataMaskOptions": {}
},
{
"itemId": 10,
"name": "MASK_DATE_SHOW_DAY",
"label": "Date: show only day",
"description": "Date: show only day",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, -1, 0, 0)",
"dataMaskOptions": {}
},
{
"itemId": 11,
"name": "MASK_DATE_SHOW_MONTH",
"label": "Date: show only month",
"description": "Date: show only month",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, 1, -1, 0)",
"dataMaskOptions": {}
},
{
"itemId": 12,
"name": "MASK_DATE_SHOW_YEAR",
"label": "Date: show only year",
"description": "Date: show only year",
"transformer": "mask({col}, \u0027x\u0027, \u0027x\u0027, \u0027x\u0027, -1, \u00271\u0027, 1, 0, -1)",
"dataMaskOptions": {}
},
{
"itemId": 13,
"name": "CUSTOM",
"label": "Custom",
"description": "Custom",
"dataMaskOptions": {}
}
],
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "select",
"impliedGrants": []
}
],
"resources": [
{
"itemId": 1,
"name": "database",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Database",
"description": "Hive Database"
},
{
"itemId": 2,
"name": "table",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Table",
"description": "Hive Table"
},
{
"itemId": 4,
"name": "column",
"type": "string",
"level": 30,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Column",
"description": "Hive Column"
}
]
},
"rowFilterDef": {
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "select",
"impliedGrants": []
}
],
"resources": [
{
"itemId": 1,
"name": "database",
"type": "string",
"level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Database",
"description": "Hive Database"
},
{
"itemId": 2,
"name": "table",
"type": "string",
"level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": "false",
"ignoreCase": "true"
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "{ \"singleValue\":true }",
"label": "Hive Table",
"description": "Hive Table"
}
]
},
"id": 3,
"guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
"isEnabled": true,
"createTime": "20160914-11:19:33.000-+0100",
"updateTime": "20160914-11:19:33.000-+0100",
"version": 1
}
}