| { |
| "serviceName":"hdfsdev", |
| |
| "serviceDef":{ |
| "name":"hdfs", |
| "id":1, |
| "resources":[ |
| {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true, |
| "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", |
| "matcherOptions":{"wildCard":true, "ignoreCase":true}, |
| "startDelimiterChar": "{", "endDelimiterChar": "}", "escapeChar":"%", |
| "label":"Resource Path","description":"HDFS file or directory path"} |
| ], |
| "accessTypes":[ |
| {"name":"read","label":"Read"}, |
| {"name":"write","label":"Write"}, |
| {"name":"execute","label":"Execute"} |
| ], |
| "contextEnrichers": [ ], |
| "policyConditions": [ ] |
| }, |
| |
| "policies":[ |
| {"id":1,"name":"allow-read-to-finance under /finance/rest*ricted/","isEnabled":true,"isAuditEnabled":true, |
| "resources":{"path":{"values":["/finance/rest*ricted/"],"isRecursive":true}}, |
| "policyItems":[ |
| {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false, "conditions":[ ] } |
| ] |
| } |
| , |
| {"id":2,"name":"allow-read-to-{USER} under /home/{USER}/","isEnabled":true,"isAuditEnabled":false, |
| "resources":{"path":{"values":["/home/{USER}/"],"isRecursive":true}}, |
| "policyItems":[ |
| {"accesses":[{"type":"read","isAllowed":true}],"users":["{USER}"],"groups":[],"delegateAdmin":false, "conditions":[ ] } |
| ] |
| } |
| ], |
| |
| "tests":[ |
| {"name":"DENY 'read /home/user1/tmp/sales.db' for user=user2", |
| "request":{ |
| "resource":{"elements":{"path":"/home/user1/tmp/sales.db"}}, |
| "accessType":"read","user":"user2","userGroups":[],"requestData":"DENY read /home/user1/tmp/sales.db to user2" |
| }, |
| "result":{"isAudited":false,"isAllowed":false,"policyId":-1} |
| } |
| , |
| {"name":"ALLOW 'read /home/user1/tmp/sales.db' for user=user1", |
| "request":{ |
| "resource":{"elements":{"path":"/home/user1/tmp/sales.db"}}, |
| "accessType":"read","user":"user1","userGroups":[],"requestData":"ALLOW read /home/user1/tmp/sales.db to user1" |
| }, |
| "result":{"isAudited":false,"isAllowed":true,"policyId":2} |
| } |
| , |
| |
| {"name":"ALLOW 'read /finance/restricted/tmp/sales.db' for g=finance", |
| "request":{ |
| "resource":{"elements":{"path":"/finance/restricted/tmp/sales.db"}}, |
| "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/tmp/sales.db" |
| }, |
| "result":{"isAudited":true,"isAllowed":true,"policyId":1} |
| } |
| |
| ] |
| } |
| |