| { |
| "testCases": [ |
| { |
| "name": "Test-ACL-Provider", |
| |
| "servicePolicies": { |
| "serviceName": "hivedev", |
| "serviceDef": { |
| "name": "hive", "id": 3, |
| "resources": [ |
| { "name": "database", "level": 1, "mandatory": true, "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { "wildCard": true, "ignoreCase": true }, |
| "label": "Hive Database", "description": "Hive Database" |
| }, |
| { |
| "name": "table", "level": 2, "parent": "database", "mandatory": true, "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { "wildCard": true, "ignoreCase": true }, |
| "label": "Hive Table", "description": "Hive Table" |
| }, |
| { |
| "name": "udf", "level": 2, "parent": "database", "mandatory": true, "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { "wildCard": true, "ignoreCase": true }, |
| "label": "Hive UDF", "description": "Hive UDF" |
| }, |
| { |
| "name": "column", "level": 3, "parent": "table", "mandatory": true, "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { "wildCard": true, "ignoreCase": true }, |
| "label": "Hive Column", "description": "Hive Column" |
| } |
| ], |
| "accessTypes": [ |
| { "name": "select", "label": "Select" }, |
| { "name": "update", "label": "Update" }, |
| { "name": "create", "label": "Create" }, |
| { "name": "drop", "label": "Drop" }, |
| { "name": "alter", "label": "Alter" }, |
| { "name": "index", "label": "Index" }, |
| { "name": "lock", "label": "Lock" }, |
| { "name": "all", "label": "All" } |
| ], |
| "policyConditions":[ |
| { "itemId": 1, "name": "ip-range", |
| "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher", "evaluatorOptions": { }, |
| "label": "IP Address Range", "description": "IP Address Range" |
| } |
| ] |
| }, |
| "policies": [ |
| { |
| "id": 1, "name": "db=default: audit-all-access", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "default" ] }, |
| "table": { "values": [ "*" ] }, |
| "column": { "values": [ "*" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [], "users": [], "groups": [ "public" ], "delegateAdmin": false } |
| ] |
| }, |
| { |
| "id": 2, "name": "db=default; table=test1,test2; column=column1", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "default" ] }, |
| "table": { "values": [ "test1", "test2" ] }, |
| "column": { "values": [ "column1" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user1", "user2" ], "groups": [ "group1", "group2" ], |
| "delegateAdmin": false |
| }, |
| { "accesses": [ { "type": "create", "isAllowed": true }, { "type": "drop", "isAllowed": true } ], |
| "users": [ "admin" ], "groups": [ "cluster-admin" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 3, "name": "db=default; table=test1,test2; column=column2", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "default" ] }, |
| "table": { "values": [ "test1", "test2" ] }, |
| "column": { "values": [ "column2" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user1", "user2" ], "groups": [ "group1", "group2" ], |
| "delegateAdmin": false |
| }, |
| { |
| "accesses": [ |
| { "type": "create", "isAllowed": true }, |
| { "type": "drop", "isAllowed": true } |
| ], |
| "users": [ "admin" ], "groups": [ "cluster-admin" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 4, "name": "db=finance; table=fin_*; column=*", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "finance" ] }, |
| "table": { "values": [ "fin_*" ] }, |
| "column": { "values": [ "*" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user1", "user2" ], "groups": [ "finance-controller" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 5, "name": "db=db1; table=tmp; column=tmp*", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "db1" ] }, |
| "table": { "values": [ "tmp" ] }, |
| "column": { "values": [ "tmp*" ], "isExcludes": false } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "create", "isAllowed": true } ], |
| "users": [ "user1", "user2" ], "groups": [ "cluster-admin", "finance-controller" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 6, "name": "db=hr;udf=udf", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "hr" ] }, |
| "udf": { "values": [ "udf" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "create", "isAllowed": true } ], |
| "users": [ "user1", "user2" ], "groups": [ "cluster-admin" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 7, "name": "db=hr;udf=udf*", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "hr" ] }, |
| "udf": { "values": [ "udf*" ] } |
| }, |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "create", "isAllowed": true } ], |
| "users": [ "user3" ], "groups": [ "public" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 8, "name": "db=hr*;udf=udf", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "hr*" ] }, |
| "udf": { "values": [ "udf" ] } |
| }, |
| "validitySchedules": [ |
| { "startTime": "2018/01/12 14:32:00", "endTime": "2020/02/13 12:16:00" } |
| ], |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "create", "isAllowed": true } ], |
| "users": [ "user4" ], "groups": [ "hr-admin" ], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 9, "name": "db=default; table=test2; column=column2", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "default" ] }, |
| "table": { "values": [ "test2" ] }, |
| "column": { "values": [ "column2" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user2", "user3" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ], |
| "denyPolicyItems": [ |
| { |
| "accesses": [ { "type": "select", "isAllowed": true }, { "type": "create", "isAllowed": true } ], |
| "users": [ "user2", "user3", "user4" ], "groups": [ "group3" ], |
| "delegateAdmin": false |
| } |
| ], |
| "denyExceptions": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user3" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ] |
| }, |
| { |
| "id": 10, "name": "db=finance; table=fin_*; column=salary", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "finance" ] }, |
| "table": { "values": [ "fin_*" ] }, |
| "column": { "values": [ "salary" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user3" ], "groups": [ "cluster-admin" ], |
| "delegateAdmin": true, |
| "conditions":[{"type":"ip-range","values":["1.*.1.*"]}] |
| } |
| ] |
| }, |
| { |
| "id": 11, "name": "db=default; table=table; column=column", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "default" ] }, |
| "table": { "values": [ "table" ] }, |
| "column": { "values": [ "column" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user1", "user2", "user3", "user4" ], "groups": [ "cluster-admin" ], |
| "delegateAdmin": true |
| } |
| ], |
| "allowExceptions": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user4" ], "groups": [ "finance-admin" ], |
| "delegateAdmin": true |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user2", "user3" ], "groups": [ "public" ], |
| "delegateAdmin": true |
| } |
| ], |
| "denyExceptions": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [ "user2", "user4" ], "groups": [], |
| "delegateAdmin": true |
| } |
| ] |
| }, |
| { |
| "id": 12, "name": "db=finance; table=accounts; column=status", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "finance" ] }, |
| "table": { "values": [ "accounts" ] }, |
| "column": { "values": [ "status" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "update", "isAllowed": true } ], |
| "users": [ "john", "jane" ], "groups": [ "accounting", "admin" ], |
| "delegateAdmin": true |
| }, |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [], "groups": [ "public" ] |
| } |
| ], |
| "allowExceptions": [ |
| { "accesses": [ { "type": "update", "isAllowed": true } ], |
| "users": [ "mary" ], "groups": [ "interns" ] |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [], "groups": [ "housekeeping" ] |
| } |
| ] |
| }, |
| { |
| "id": 13, "name": "db=finance; table=accounts; column=amount", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "finance" ] }, |
| "table": { "values": [ "accounts" ] }, |
| "column": { "values": [ "amount" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "update", "isAllowed": true } ], |
| "users": [ "john", "jane" ], "groups": [ "accounting", "admin" ], |
| "delegateAdmin": true |
| }, |
| { "accesses": [ { "type": "select", "isAllowed": true } ], |
| "users": [], "groups": [ "public" ] |
| } |
| ], |
| "allowExceptions": [ |
| { "accesses": [ { "type": "update", "isAllowed": true } ], |
| "users": [ "mary" ], "groups": [ "interns" ] |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "drop", "isAllowed": true } ], |
| "users": [], "groups": [ "housekeeping" ] |
| } |
| ] |
| }, |
| { |
| "id": 13, "name": "db=db1; table=tbl1; column=col1", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "db1" ] }, |
| "table": { "values": [ "tbl1" ] }, |
| "column": { "values": [ "col1" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "update", "isAllowed": true } ], |
| "users": [ "john", "jane" ] |
| } |
| ], |
| "allowExceptions": [ |
| { "accesses": [ { "type": "update", "isAllowed": true } ], |
| "users": [ "john" ], |
| "conditions":[{"type":"ip-range","values":["1.*.1.*"]}] |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "drop", "isAllowed": true } ], |
| "users": ["adam", "eve"] |
| } |
| ], |
| "denyExceptions": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "drop", "isAllowed": true }], |
| "users": ["eve"], |
| "conditions":[{"type":"ip-range","values":["10.*.10.*"]}] |
| } |
| ] |
| }, |
| { |
| "id": 14, "name": "db=db2; table=tbl2; column=col2", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "database": { "values": [ "db2" ] }, |
| "table": { "values": [ "tbl2" ] }, |
| "column": { "values": [ "col2" ] } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "update", "isAllowed": true } ], |
| "users": [ "john", "jane" ] |
| } |
| ], |
| "allowExceptions": [ |
| { "accesses": [ { "type": "update", "isAllowed": true } ], |
| "users": [ "john" ] |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "drop", "isAllowed": true } ], |
| "users": ["adam", "eve"] |
| } |
| ], |
| "denyExceptions": [ |
| { "accesses": [ { "type": "select", "isAllowed": true }, { "type": "drop", "isAllowed": true }], |
| "users": ["eve"], |
| "conditions":[{"type":"ip-range","values":["10.*.10.*"]}] |
| } |
| ] |
| } |
| ], |
| "tagPolicies": { |
| "serviceName": "tagdev", |
| "serviceDef": { |
| "name": "tag", "id": 100, |
| "resources": [ |
| { "itemId": 1, "name": "tag", "type": "string", "level": 1, "parent": "", "mandatory": true, |
| "lookupSupported": true, "recursiveSupported": false, "excludesSupported": false, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { "wildCard": true, "ignoreCase": false }, |
| "label": "TAG", "description": "TAG" |
| } |
| ], |
| "accessTypes": [ |
| { "itemId": 1, "name": "hive:select", "label": "hive:select" }, |
| { "itemId": 2, "name": "hive:update", "label": "hive:update" }, |
| { "itemId": 3, "name": "hive:create", "label": "hive:create" }, |
| { "itemId": 4, "name": "hive:drop", "label": "hive:drop" }, |
| { "itemId": 5, "name": "hive:alter", "label": "hive:alter" }, |
| { "itemId": 6, "name": "hive:index", "label": "hive:index" }, |
| { "itemId": 7, "name": "hive:lock", "label": "hive:lock" }, |
| { "itemId": 8, "name": "hive:all", "label": "hive:all", |
| "impliedGrants": [ "hive:select", "hive:update", "hive:create", "hive:drop", "hive:alter", "hive:index", "hive:lock" ] } |
| ], |
| "contextEnrichers": [ |
| { "itemId": 1, "name": "TagEnricher", |
| "enricher": "org.apache.ranger.plugin.contextenricher.RangerTagEnricher", |
| "enricherOptions": { |
| "tagRetrieverClassName": "org.apache.ranger.plugin.contextenricher.RangerFileBasedTagRetriever", |
| "tagRefresherPollingInterval": 60000, |
| "serviceTagsFileName": "/policyengine/ACLResourceTags.json" |
| } |
| } |
| ], |
| "policyConditions": [ |
| { "itemId": 1, "name": "expression", |
| "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator", |
| "evaluatorOptions": { "engineName": "JavaScript", "ui.isMultiline": "true" }, |
| "label": "Enter boolean expression", "description": "Boolean expression" |
| }, |
| { |
| "itemId": 2, "name": "enforce-expiry", |
| "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator", |
| "evaluatorOptions": { "scriptTemplate": "ctx.isAccessedAfter('expiry_date');" }, |
| "label": "Deny access after expiry_date?", "description": "Deny access after expiry_date? (yes/no)" |
| }, |
| { |
| "itemId": 3, "name": "ip-range", |
| "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher", "evaluatorOptions": { }, |
| "label": "IP Address Range", "description": "IP Address Range" |
| } |
| ] |
| }, |
| "policies": [ |
| { "id": 101, "name": "RESTRICTED_TAG_POLICY", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "tag": { "values": [ "RESTRICTED" ], "isRecursive": false } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [ "hive", "user1" ], |
| "groups": [], |
| "delegateAdmin": false, |
| "conditions": [ |
| { "type": "expression", "values": [ "if ( tagAttr.get('score') < 2 ) ctx.result = true;" ] } |
| ] |
| } |
| ] |
| }, |
| { |
| "id": 102, "name": "PII_TAG_POLICY", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "tag": { "values": [ "PII" ], "isRecursive": false } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true }, { "type": "hive:create", "isAllowed": true } ], |
| "users": [ "hive" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [ "hive" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ] |
| }, |
| { |
| "id": 103, "name": "PII_TAG_POLICY-FINAL", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "tag": { "values": [ "PII-FINAL" ], "isRecursive": false } |
| }, |
| "policyItems": [ |
| { "accesses": [ { "type": "hive:index", "isAllowed": true } ], |
| "users": [ ], "groups": [ "public" ], |
| "delegateAdmin": false, |
| "conditions":[{"type":"ip-range","values":["1.*.1.*"]}] |
| } |
| ], |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [ "admin" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ], |
| "denyExceptions": [ |
| { |
| "accesses": [ |
| { "type": "hive:drop", "isAllowed": true } |
| ], |
| "users": [ "hive" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ] |
| }, |
| { |
| "id": 104, "name": "RESTRICTED_TAG_POLICY_FINAL", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "tag": { "values": [ "RESTRICTED-FINAL" ], "isRecursive": false } |
| }, |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [], "groups": [ "public" ], |
| "delegateAdmin": false |
| } |
| ], |
| "denyExceptions": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [ "hive", "user1" ], "groups": [], |
| "delegateAdmin": false, |
| "conditions": [ |
| { "type": "expression", "values": [ "if ( ctx.isAccessedBefore('activation_date') ) ctx.result = true;" ] } |
| ] |
| } |
| ] |
| }, |
| { |
| "id": 105, "name": "EXPIRES_ON", "isEnabled": true, "isAuditEnabled": true, |
| "resources": { |
| "tag": { "values": [ "EXPIRES_ON" ], "isRecursive": false } |
| }, |
| "denyPolicyItems": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [], "groups": [ "public" ], |
| "delegateAdmin": false, |
| "conditions": [ |
| { "type": "enforce-expiry", "values": [ "yes" ] } |
| ] |
| } |
| ], |
| "denyExceptions": [ |
| { "accesses": [ { "type": "hive:select", "isAllowed": true } ], |
| "users": [ "dataloader" ], "groups": [], |
| "delegateAdmin": false |
| } |
| ] |
| } |
| ] |
| } |
| }, |
| |
| "tests": [ |
| { |
| "name": "all-deny-test", |
| "resource": {"elements":{"database":"hr", "udf":"udf" }}, |
| "userPermissions": {}, |
| "groupPermissions": {"public": {"select":{"result":-1, "isFinal":true},"create":{"result":-1, "isFinal":true}}} |
| }, |
| { |
| "name": "no-deny-test", |
| "resource": {"elements":{"database":"default", "table":"test1", "column":"column2"}}, |
| "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}}, "user2":{"select":{"result":1, "isFinal":true}}, "admin":{"create":{"result":1, "isFinal":true},"drop":{"result":1, "isFinal":true}}}, |
| "groupPermissions": {"group1": {"select":{"result":1, "isFinal":true}}, "group2": {"select":{"result":1, "isFinal":true}},"cluster-admin": {"create":{"result":1, "isFinal":true},"drop":{"result":1, "isFinal":true}}} |
| }, |
| { |
| "name": "partial-deny-test", |
| "resource": {"elements":{"database":"default", "table":"test2", "column":"column2"}}, |
| "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}}, "user2":{"select":{"result":-1, "isFinal":true},"create":{"result":-1, "isFinal":true}}, "user3":{"select":{"result":1, "isFinal":true},"create":{"result":-1, "isFinal":true}},"user4":{"select":{"result":-1, "isFinal":true},"create":{"result":-1, "isFinal":true}},"admin":{"create":{"result":1, "isFinal":true},"drop":{"result":1, "isFinal":true}}}, |
| "groupPermissions": {"group1": {"select":{"result":1, "isFinal":true}}, "group2": {"select":{"result":1, "isFinal":true}},"group3": {"select":{"result":-1, "isFinal":true},"create":{"result":-1, "isFinal":true}},"cluster-admin": {"create":{"result":1, "isFinal":true},"drop":{"result":1, "isFinal":true}}} |
| }, |
| { |
| "name": "conditional-deny-test", |
| "resource": {"elements":{"database":"finance", "table":"fin_1", "column":"salary"}}, |
| "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}}, "user2":{"select":{"result":1, "isFinal":true}}, "user3":{"select":{"result":2, "isFinal":true}} }, |
| "groupPermissions": {"finance-controller": {"select":{"result":1, "isFinal":true}}, "cluster-admin": {"select":{"result":2, "isFinal":true}}} |
| }, |
| { |
| "name": "conditional-tag-only-test-descendant", |
| "resource": {"elements":{"database":"finance", "table":"sales"}}, |
| "userPermissions": {"hive":{"select":{"result":-1, "isFinal":true},"create":{"result":1, "isFinal":true}, "drop":{"result":-1, "isFinal":true}}, "admin":{"select":{"result":-1, "isFinal":true}} }, |
| "groupPermissions": {"public": {"index":{"result":2, "isFinal":true}}} |
| }, |
| { |
| "name": "all-types-of-policy-items", |
| "resource": {"elements":{"database":"default", "table":"table", "column":"column"}}, |
| "userPermissions": {"user1":{"select":{"result":2, "isFinal":true}}, "user2":{"select":{"result":2, "isFinal":true}}, "user3":{"select":{"result":2, "isFinal":true}}, "user4":{"select":{"result":2, "isFinal":true}} }, |
| "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "cluster-admin": {"select":{"result":2, "isFinal":true}}} |
| }, |
| { |
| "name": "public-allow-test", |
| "resource": {"elements":{"database":"finance", "table":"accounts", "column": "status" }}, |
| "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "mary":{"update":{"result":-1, "isFinal":true}}}, |
| "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "accounting": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "admin": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "interns":{"update":{"result":-1, "isFinal":true}}, "housekeeping":{"select":{"result":-1, "isFinal":true}}} |
| }, |
| { |
| "name": "public-allow-test-next", |
| "resource": {"elements":{"database":"finance", "table":"accounts", "column": "amount" }}, |
| "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "mary":{"update":{"result":-1, "isFinal":true}}}, |
| "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "accounting": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "admin": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "interns":{"update":{"result":-1, "isFinal":true}}, "housekeeping":{"drop":{"result":-1, "isFinal":true}}} |
| }, |
| { |
| "name": "conditions-in-exceptions-test", |
| "resource": {"elements":{"database":"db1", "table":"tbl1", "column": "col1" }}, |
| "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "adam":{"drop":{"result":2, "isFinal":true}}, "eve":{"drop":{"result":2, "isFinal":true}}}, |
| "groupPermissions": {} |
| }, |
| { |
| "name": "conditions-in-some-exceptions-test", |
| "resource": {"elements":{"database":"db2", "table":"tbl2", "column": "col2" }}, |
| "userPermissions": {"john":{"select":{"result":1, "isFinal":true}, "update":{"result":-1, "isFinal":true}}, "jane":{"select":{"result":1, "isFinal":true},"update":{"result":1, "isFinal":true}}, "adam":{"drop":{"result":2, "isFinal":true}}, "eve":{"drop":{"result":2, "isFinal":true}}}, |
| "groupPermissions": {} |
| } |
| ] |
| } |
| ] |
| } |