| { |
| "serviceName": "hivedev", |
| "serviceDef": { |
| "name": "hive", |
| "id": 3, |
| "resources": [ |
| { |
| "name": "database", |
| "level": 1, |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive Database", |
| "description": "Hive Database" |
| }, |
| { |
| "name": "table", |
| "level": 2, |
| "parent": "database", |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive Table", |
| "description": "Hive Table" |
| }, |
| { |
| "name": "udf", |
| "level": 2, |
| "parent": "database", |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive UDF", |
| "description": "Hive UDF" |
| }, |
| { |
| "name": "column", |
| "level": 3, |
| "parent": "table", |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive Column", |
| "description": "Hive Column" |
| } |
| ], |
| "accessTypes": [ |
| { |
| "name": "select", |
| "label": "Select" |
| }, |
| { |
| "name": "update", |
| "label": "Update" |
| }, |
| { |
| "name": "create", |
| "label": "Create" |
| }, |
| { |
| "name": "grant", |
| "label": "Grant" |
| }, |
| { |
| "name": "drop", |
| "label": "Drop" |
| }, |
| { |
| "name": "alter", |
| "label": "Alter" |
| }, |
| { |
| "name": "index", |
| "label": "Index" |
| }, |
| { |
| "name": "lock", |
| "label": "Lock" |
| }, |
| { |
| "name": "all", |
| "label": "All", |
| "impliedGrants": [ |
| "select", |
| "update", |
| "create", |
| "grant", |
| "drop", |
| "alter", |
| "index", |
| "lock" |
| ] |
| } |
| ], |
| "dataMaskDef": { |
| "maskTypes": [ |
| { |
| "itemId": 1, |
| "name": "MASK", |
| "label": "Mask", |
| "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'" |
| }, |
| { |
| "itemId": 2, |
| "name": "SHUFFLE", |
| "label": "Shuffle", |
| "description": "Randomly shuffle the contents" |
| }, |
| { |
| "itemId": 10, |
| "name": "NULL", |
| "label": "NULL", |
| "description": "Replace with NULL" |
| } |
| |
| ], |
| "accessTypes":[ |
| {"name":"select","label":"Select"} |
| ], |
| "resources":[ |
| {"name":"database","matcherOptions":{"wildCard":false}}, |
| {"name":"table","matcherOptions":{"wildCard":false}}, |
| {"name":"column","matcherOptions":{"wildCard":false}} |
| ] |
| }, |
| "rowFilterDef": { |
| "accessTypes":[ |
| {"name":"select","label":"Select"} |
| ], |
| "resources":[ |
| {"name":"database","matcherOptions":{"wildCard":false}}, |
| {"name":"table","matcherOptions":{"wildCard":false}} |
| ] |
| } |
| }, |
| "policies": [ |
| { |
| "id": 101, |
| "name": "db=*: audit-all-access", |
| "isEnabled": true, |
| "isAuditEnabled": true, |
| "resources": { |
| "database": { |
| "values": [ |
| "*" |
| ] |
| }, |
| "table": { |
| "values": [ |
| "*" |
| ] |
| }, |
| "column": { |
| "values": [ |
| "*" |
| ] |
| } |
| }, |
| "policyItems": [ |
| { |
| "accesses": [ |
| { |
| "type": "all", |
| "isAllowed": true |
| } |
| ], |
| "users": [ |
| "hive", |
| "user1", |
| "user2" |
| ], |
| "groups": [ |
| "public" |
| ], |
| "delegateAdmin": false |
| } |
| ] |
| }, |
| { |
| "id": 102, |
| "name": "db=*, udf=*: audit-all-access", |
| "isEnabled": true, |
| "isAuditEnabled": true, |
| "resources": { |
| "database": { |
| "values": [ |
| "*" |
| ] |
| }, |
| "udf": { |
| "values": [ |
| "*" |
| ] |
| } |
| }, |
| "policyItems": [ |
| { |
| "accesses": [ |
| { |
| "type": "all", |
| "isAllowed": true |
| } |
| ], |
| "users": [ |
| "hive", |
| "user1", |
| "user2" |
| ], |
| "groups": [ |
| "public" |
| ], |
| "delegateAdmin": false |
| } |
| ] |
| } |
| ], |
| "tagPolicyInfo": { |
| "serviceName": "tagdev", |
| "serviceDef": { |
| "name": "tag", |
| "id": 100, |
| "resources": [ |
| { |
| "itemId": 1, |
| "name": "tag", |
| "type": "string", |
| "level": 1, |
| "parent": "", |
| "mandatory": true, |
| "lookupSupported": true, |
| "recursiveSupported": false, |
| "excludesSupported": false, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": false, |
| "ignoreCase": false |
| }, |
| "validationRegEx": "", |
| "validationMessage": "", |
| "uiHint": "", |
| "label": "TAG", |
| "description": "TAG" |
| } |
| ], |
| "accessTypes": [ |
| { |
| "itemId": 1, |
| "name": "hive:select", |
| "label": "hive:select" |
| }, |
| { |
| "itemId": 2, |
| "name": "hive:update", |
| "label": "hive:update" |
| }, |
| { |
| "itemId": 3, |
| "name": "hive:create", |
| "label": "hive:create" |
| }, |
| { |
| "itemId": 4, |
| "name": "hive:grant", |
| "label": "hive:grant" |
| }, |
| { |
| "itemId": 5, |
| "name": "hive:drop", |
| "label": "hive:drop" |
| }, |
| { |
| "itemId": 6, |
| "name": "hive:alter", |
| "label": "hive:alter" |
| }, |
| { |
| "itemId": 7, |
| "name": "hive:index", |
| "label": "hive:index" |
| }, |
| { |
| "itemId": 8, |
| "name": "hive:lock", |
| "label": "hive:lock" |
| }, |
| { |
| "itemId": 9, |
| "name": "hive:all", |
| "label": "hive:all", |
| "impliedGrants": [ |
| "hive:select", |
| "hive:update", |
| "hive:create", |
| "hive:grant", |
| "hive:drop", |
| "hive:alter", |
| "hive:index", |
| "hive:lock" |
| ] |
| } |
| ], |
| "dataMaskDef": { |
| "maskTypes": [ |
| { |
| "itemId": 1, |
| "name": "MASK", |
| "label": "Mask", |
| "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'" |
| }, |
| { |
| "itemId": 2, |
| "name": "SHUFFLE", |
| "label": "Shuffle", |
| "description": "Randomly shuffle the contents" |
| }, |
| { |
| "itemId": 10, |
| "name": "NULL", |
| "label": "NULL", |
| "description": "Replace with NULL" |
| } |
| |
| ], |
| "accessTypes":[ |
| {"name":"hive:select","label":"hive:Select"} |
| ], |
| "resources":[ |
| {"name":"tag","matcherOptions":{"wildCard":false}} |
| ] |
| }, |
| "rowFilterDef": { |
| "accessTypes":[ |
| {"name":"hive:select","label":"hive:Select"} |
| ], |
| "resources":[ |
| {"name":"tag","matcherOptions":{"wildCard":false}} |
| ] |
| }, |
| "contextEnrichers": [ |
| ], |
| "policyConditions": [ |
| { |
| "itemId": 1, |
| "name": "expression", |
| "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator", |
| "evaluatorOptions": { |
| "engineName": "JavaScript", |
| "ui.isMultiline": "true" |
| }, |
| "label": "Enter boolean expression", |
| "description": "Boolean expression" |
| }, |
| { |
| "itemId": 2, |
| "name": "enforce-expiry", |
| "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator", |
| "evaluatorOptions": { |
| "scriptTemplate": "ctx.isAccessedAfter('expiry_date');" |
| }, |
| "label": "Deny access after expiry_date?", |
| "description": "Deny access after expiry_date? (yes/no)" |
| } |
| ] |
| }, |
| "tagPolicies": [ |
| { |
| "id": 1, |
| "name": "RESTRICTED_TAG_POLICY", |
| "isEnabled": true, |
| "isAuditEnabled": true, |
| "policyType": 1, |
| "resources": { |
| "tag": { |
| "values": [ |
| "RESTRICTED" |
| ], |
| "isRecursive": false |
| } |
| }, |
| "dataMaskPolicyItems": [ |
| { |
| "accesses": [ |
| { |
| "type": "select", |
| "isAllowed": true |
| } |
| ], |
| "users": [ |
| "user1" |
| ], |
| "groups": [], |
| "delegateAdmin": false, |
| "dataMaskInfo": { |
| "dataMaskType": "MASK" |
| } |
| }, |
| { |
| "accesses": [ |
| { |
| "type": "select", |
| "isAllowed": true |
| } |
| ], |
| "users": [ |
| "user2" |
| ], |
| "groups": [], |
| "delegateAdmin": false, |
| "dataMaskInfo": { |
| "dataMaskType": "SHUFFLE" |
| } |
| } |
| ] |
| } |
| ] |
| }, |
| "tests": [ |
| { |
| "name": "'select ssn from employee.personal;' for user1 - maskType=MASK", |
| "request": { |
| "resource": { |
| "elements": { |
| "database": "employee", |
| "table": "personal", |
| "column": "ssn" |
| } |
| }, |
| "accessType": "select", |
| "user": "user1", |
| "userGroups": [], |
| "requestData": "select ssn from employee.personal;' for user1", |
| "context": { |
| "TAGS": "[{\"type\":\"RESTRICTED\"}]" |
| } |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":"MASK","maskCondition":null,"maskValue":null},"policyId":1} |
| }, |
| { |
| "name": "'select ssn from employee.personal;' for user2 - maskType=SHUFFLE", |
| "request": { |
| "resource": { |
| "elements": { |
| "database": "employee", |
| "table": "personal", |
| "column": "ssn" |
| } |
| }, |
| "accessType": "select", |
| "user": "user2", |
| "userGroups": [], |
| "requestData": "select ssn from employee.personal;' for user2", |
| "context": { |
| "TAGS": "[{\"type\":\"RESTRICTED\"}]" |
| } |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null},"policyId":1} |
| }, |
| { |
| "name": "'select ssn from employee.personal;' for hive - maskType=NONE", |
| "request": { |
| "resource": { |
| "elements": { |
| "database": "employee", |
| "table": "personal", |
| "column": "ssn" |
| } |
| }, |
| "accessType": "select", |
| "user": "hive", |
| "userGroups": [], |
| "requestData": "select ssn from employee.personal;' for hive", |
| "context": { |
| "TAGS": "[{\"type\":\"RESTRICTED\"}]" |
| } |
| }, |
| "dataMaskResult":{"additionalInfo":{"maskType":null,"maskCondition":null,"maskValue":null},"policyId":-1} |
| } |
| ] |
| } |
| |