agents-common/src/test/resources/policyengine/test_policyengine_hive.json - ranger - Git at Google

 {
   "serviceName":"hivedev",

   "serviceDef":{
     "name":"hive",
     "id":3,
     "resources":[
       {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
       {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
       {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
       {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
     ],
     "accessTypes":[
       {"name":"select","label":"Select"},
       {"name":"update","label":"Update"},
       {"name":"create","label":"Create"},
       {"name":"drop","label":"Drop"},
       {"name":"alter","label":"Alter"},
       {"name":"index","label":"Index"},
       {"name":"lock","label":"Lock"},
       {"name":"all","label":"All"}
     ]
   },

   "policies":[
     {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
      "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
      "policyItems":[
        {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
      ]
     }
     ,
     {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
      "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
      "policyItems":[
        {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
        ,
        {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
      ]
     }
   ],

   "tests":[
     {"name":"ALLOW 'use default;' for user1",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'use default;' for user2",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'use default;' to user3",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'use default;' to group1",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'use default;' to group2",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'use default;' to user3/group3",
      "request":{
       "resource":{"elements":{"database":"default"}},
       "accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'use finance;' to user3/group3",
      "request":{
       "resource":{"elements":{"database":"finance"}},
       "accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
      },
      "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to user2",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'select col1 from default.testtable;' to user3",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to group1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'select col1 from default.testtable;' to group2",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'select col1 from default.table1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
       "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'create table default.testtable1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'create table default.testtable1;' to user1/group1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'create table default.testtable1;' to admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
      ,
     {"name":"DENY 'drop table default.testtable1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'drop table default.testtable1;' to user1/group1",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"ALLOW 'drop table default.testtable1;' to admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"testtable1"}},
       "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"DENY 'create table default.table1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'create table default.table1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'drop table default.table1;' to user1",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'drop table default.table1;' to user1/admin",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1"}},
       "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"DENY 'select col1 from default.table1;' to user3",
      "request":{
       "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
       "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
      },
      "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
   ]
 }
	{
	"serviceName":"hivedev",

	"serviceDef":{
	"name":"hive",
	"id":3,
	"resources":[
	{"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
	{"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
	{"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
	{"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
	],
	"accessTypes":[
	{"name":"select","label":"Select"},
	{"name":"update","label":"Update"},
	{"name":"create","label":"Create"},
	{"name":"drop","label":"Drop"},
	{"name":"alter","label":"Alter"},
	{"name":"index","label":"Index"},
	{"name":"lock","label":"Lock"},
	{"name":"all","label":"All"}
	]
	},

	"policies":[
	{"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":[""]},"column":{"values":[""]}},
	"policyItems":[
	{"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
	]
	}
	,
	{"id":2,"name":"db=default; table=test; column=","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":["test"]},"column":{"values":[""]}},
	"policyItems":[
	{"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
	,
	{"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
	]
	}
	],

	"tests":[
	{"name":"ALLOW 'use default;' for user1",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'use default;' for user2",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'use default;' to user3",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'use default;' to group1",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'use default;' to group2",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'use default;' to user3/group3",
	"request":{
	"resource":{"elements":{"database":"default"}},
	"accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'use finance;' to user3/group3",
	"request":{
	"resource":{"elements":{"database":"finance"}},
	"accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
	},
	"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to user2",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'select col1 from default.testtable;' to user3",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to group1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'select col1 from default.testtable;' to group2",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'select col1 from default.testtable;' to user3/group3",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'select col1 from default.table1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
	"accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'create table default.testtable1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'create table default.testtable1;' to user1/group1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'create table default.testtable1;' to admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'create table default.testtable1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'drop table default.testtable1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'drop table default.testtable1;' to user1/group1",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"ALLOW 'drop table default.testtable1;' to admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"testtable1"}},
	"accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"DENY 'create table default.table1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'create table default.table1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'drop table default.table1;' to user1",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'drop table default.table1;' to user1/admin",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1"}},
	"accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"DENY 'select col1 from default.table1;' to user3",
	"request":{
	"resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
	"accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	]
	}