hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json - ranger - Git at Google

 {
   "serviceName":"hbasedev",

   "serviceDef":{
     "name":"hbase",
     "id":2,
     "resources":[
       {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
       {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
       {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
     ],
     "accessTypes":[
       {"name":"read","label":"Read"},
       {"name":"write","label":"Write"},
       {"name":"create","label":"Create"},
       {"name":"admin","label":"Admin","impliedGrants":["read","write","create"]}
     ]
   },

   "policies":[
     {"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
      "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
      "policyItems":[
        {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
      ]
     }
     ,
     {"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true,
      "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
      "policyItems":[
        {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
        ,
        {"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true}
      ]
     }
     ,
     {"id":3,"name":"table=*; column-family=<excluding>restricted*","isEnabled":true,"isAuditEnabled":false,
      "resources":{"table":{"values":["*"]},"column-family":{"values":["restricted*"],"isExcludes":true}},
      "policyItems":[
        {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
      ]
     }
   ],

   "tests":[
     {"name":"ALLOW 'scan finance restricted-cf;' for finance",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["read"],"user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf"
      },
      "result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":true,"policyId":2}}}
     }
     ,
     {"name":"ALLOW 'put finance restricted-cf;' for finance",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["write"],"user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf"
      },
      "result":{"accessTypeResults":{"write":{"isAllowed":true,"isAudited":true,"policyId":2}}}
     }
     ,
     {"name":"DENY 'create finance restricted-cf;' for finance",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["create"],"user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf"
      },
      "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
     }
     ,
     {"name":"DENY 'grant finance restricted-cf;' for finance",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["admin"],"user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf"
      },
      "result":{"accessTypeResults":{"admin":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
     }
     ,
     {"name":"DENY 'scan finance restricted-cf;' for user1",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["read"],"user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf"
      },
      "result":{"accessTypeResults":{"read":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
     }
     ,
     {"name":"DENY 'put finance restricted-cf;' for user1",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["write"],"user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf"
      },
      "result":{"accessTypeResults":{"write":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
     }
     ,
     {"name":"DENY 'create finance restricted-cf;' for user1",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf"
      },
      "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
     }
     ,
     {"name":"DENY 'grant finance restricted-cf;' for user1",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["admin"],"user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf"
      },
      "result":{"accessTypeResults":{"admin":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
     }
     ,
     {"name":"ALLOW 'scan finance restricted-cf;' for finance-admin",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["read"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf"
      },
      "result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":true,"policyId":2}}}
     }
     ,
     {"name":"ALLOW 'put finance restricted-cf;' for finance-admin",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["write"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf"
      },
      "result":{"accessTypeResults":{"write":{"isAllowed":true,"isAudited":true,"policyId":2}}}
     }
     ,
     {"name":"ALLOW 'create finance restricted-cf;' for finance-admin",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["create"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf"
      },
      "result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
     }
     ,
     {"name":"ALLOW 'grant finance restricted-cf;' for finance-admin",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
       "accessTypes":["admin"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf"
      },
      "result":{"accessTypeResults":{"admin":{"isAllowed":true,"isAudited":true,"policyId":2}}}
     }
     ,
     {"name":"ALLOW 'scan finance regular-cf;' for user1",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
       "accessTypes":["read"],"user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf"
      },
      "result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":false,"policyId":3}}}
     }
     ,
     {"name":"DENY 'put finance regular-cf;' for user1",
      "request":{
       "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
       "accessTypes":["write"],"user":"user1","userGroups":["users"],"requestData":"put finance regular-cf"
      },
      "result":{"accessTypeResults":{"write":{"isAllowed":false,"isAudited":false,"policyId":-1}}}
     }
   ]
 }
	{
	"serviceName":"hbasedev",

	"serviceDef":{
	"name":"hbase",
	"id":2,
	"resources":[
	{"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
	{"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
	{"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
	],
	"accessTypes":[
	{"name":"read","label":"Read"},
	{"name":"write","label":"Write"},
	{"name":"create","label":"Create"},
	{"name":"admin","label":"Admin","impliedGrants":["read","write","create"]}
	]
	},

	"policies":[
	{"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
	"resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
	"policyItems":[
	{"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
	]
	}
	,
	{"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true,
	"resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
	"policyItems":[
	{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
	,
	{"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true}
	]
	}
	,
	{"id":3,"name":"table=; column-family=<excluding>restricted","isEnabled":true,"isAuditEnabled":false,
	"resources":{"table":{"values":[""]},"column-family":{"values":["restricted"],"isExcludes":true}},
	"policyItems":[
	{"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
	]
	}
	],

	"tests":[
	{"name":"ALLOW 'scan finance restricted-cf;' for finance",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["read"],"user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf"
	},
	"result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":true,"policyId":2}}}
	}
	,
	{"name":"ALLOW 'put finance restricted-cf;' for finance",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["write"],"user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf"
	},
	"result":{"accessTypeResults":{"write":{"isAllowed":true,"isAudited":true,"policyId":2}}}
	}
	,
	{"name":"DENY 'create finance restricted-cf;' for finance",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["create"],"user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf"
	},
	"result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
	}
	,
	{"name":"DENY 'grant finance restricted-cf;' for finance",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["admin"],"user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf"
	},
	"result":{"accessTypeResults":{"admin":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
	}
	,
	{"name":"DENY 'scan finance restricted-cf;' for user1",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["read"],"user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf"
	},
	"result":{"accessTypeResults":{"read":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
	}
	,
	{"name":"DENY 'put finance restricted-cf;' for user1",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["write"],"user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf"
	},
	"result":{"accessTypeResults":{"write":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
	}
	,
	{"name":"DENY 'create finance restricted-cf;' for user1",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf"
	},
	"result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
	}
	,
	{"name":"DENY 'grant finance restricted-cf;' for user1",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["admin"],"user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf"
	},
	"result":{"accessTypeResults":{"admin":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
	}
	,
	{"name":"ALLOW 'scan finance restricted-cf;' for finance-admin",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["read"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf"
	},
	"result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":true,"policyId":2}}}
	}
	,
	{"name":"ALLOW 'put finance restricted-cf;' for finance-admin",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["write"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf"
	},
	"result":{"accessTypeResults":{"write":{"isAllowed":true,"isAudited":true,"policyId":2}}}
	}
	,
	{"name":"ALLOW 'create finance restricted-cf;' for finance-admin",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["create"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf"
	},
	"result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
	}
	,
	{"name":"ALLOW 'grant finance restricted-cf;' for finance-admin",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
	"accessTypes":["admin"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf"
	},
	"result":{"accessTypeResults":{"admin":{"isAllowed":true,"isAudited":true,"policyId":2}}}
	}
	,
	{"name":"ALLOW 'scan finance regular-cf;' for user1",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
	"accessTypes":["read"],"user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf"
	},
	"result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":false,"policyId":3}}}
	}
	,
	{"name":"DENY 'put finance regular-cf;' for user1",
	"request":{
	"resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
	"accessTypes":["write"],"user":"user1","userGroups":["users"],"requestData":"put finance regular-cf"
	},
	"result":{"accessTypeResults":{"write":{"isAllowed":false,"isAudited":false,"policyId":-1}}}
	}
	]
	}