| { |
| "serviceName":"hbasedev", |
| |
| "serviceDef":{ |
| "name":"hbase", |
| "id":2, |
| "resources":[ |
| {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Table","description":"HBase Table"}, |
| {"name":"column-family","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Column-Family","description":"HBase Column-Family"}, |
| {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Column","description":"HBase Column"} |
| ], |
| "accessTypes":[ |
| {"name":"read","label":"Read"}, |
| {"name":"write","label":"Write"}, |
| {"name":"create","label":"Create"}, |
| {"name":"admin","label":"Admin","impliedGrants":["read","write","create"]} |
| ] |
| }, |
| |
| "policies":[ |
| {"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}}, |
| "policyItems":[ |
| {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false} |
| ] |
| } |
| , |
| {"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}}, |
| "policyItems":[ |
| {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false} |
| , |
| {"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true} |
| ] |
| } |
| , |
| {"id":3,"name":"table=*; column-family=<excluding>restricted*","isEnabled":true,"isAuditEnabled":false, |
| "resources":{"table":{"values":["*"]},"column-family":{"values":["restricted*"],"isExcludes":true}}, |
| "policyItems":[ |
| {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false} |
| ] |
| } |
| ], |
| |
| "tests":[ |
| {"name":"TEST!!! ALLOW 'scan finance restricted-cf;' for finance-admin", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"read","user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'scan finance restricted-cf;' for finance", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"read","user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'put finance restricted-cf;' for finance", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"write","user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"DENY 'create finance restricted-cf;' for finance", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"create","user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'grant finance restricted-cf;' for finance", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"admin","user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'scan finance restricted-cf;' for user1", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'put finance restricted-cf;' for user1", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'create finance restricted-cf;' for user1", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"DENY 'grant finance restricted-cf;' for user1", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"admin","user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'scan finance restricted-cf;' for finance-admin", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"read","user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'put finance restricted-cf;' for finance-admin", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"write","user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'create finance restricted-cf;' for finance-admin", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"create","user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'grant finance restricted-cf;' for finance-admin", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}}, |
| "accessType":"admin","user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":2} |
| } |
| , |
| {"name":"ALLOW 'scan finance regular-cf;' for user1", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"regular-cf"}}, |
| "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf" |
| }, |
| "result":{"isAudited":false,"isAllowed":true,"policyId":3} |
| } |
| , |
| {"name":"DENY 'put finance regular-cf;' for user1", |
| "request":{ |
| "resource":{"elements":{"table":"finance","column-family":"regular-cf"}}, |
| "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance regular-cf" |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| ] |
| } |
| |