Posted to commits@ranger.apache.org by ma...@apache.org on 2016/04/05 18:35:55 UTC
[2/3] incubator-ranger git commit: RANGER-908: Ranger policy model
updated to support row-filtering
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json b/agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json
new file mode 100644
index 0000000..d3e0c25
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json
@@ -0,0 +1,243 @@
+{
+ "serviceName":"hivedev",
+
+ "serviceDef":{
+ "name":"hive",
+ "id":3,
+ "resources":[
+ {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
+ {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
+ {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
+ {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
+ ],
+ "accessTypes":[
+ {"name":"select","label":"Select"},
+ {"name":"update","label":"Update"},
+ {"name":"create","label":"Create"},
+ {"name":"drop","label":"Drop"},
+ {"name":"alter","label":"Alter"},
+ {"name":"index","label":"Index"},
+ {"name":"lock","label":"Lock"},
+ {"name":"all","label":"All",
+ "impliedGrants": [
+ "select",
+ "update",
+ "create",
+ "drop",
+ "alter",
+ "index",
+ "lock"
+ ]
+ }
+ ],
+ "dataMaskDef": {
+ "maskTypes": [
+ {
+ "itemId": 1,
+ "name": "MASK",
+ "label": "Mask",
+ "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'"
+ },
+ {
+ "itemId": 2,
+ "name": "SHUFFLE",
+ "label": "Shuffle",
+ "description": "Randomly shuffle the contents"
+ },
+ {
+ "itemId": 10,
+ "name": "NULL",
+ "label": "NULL",
+ "description": "Replace with NULL"
+ }
+
+ ],
+ "accessTypes":[
+ {"name":"select","label":"Select"}
+ ],
+ "resources":[
+ {"name":"database","matcherOptions":{"wildCard":false}},
+ {"name":"table","matcherOptions":{"wildCard":false}},
+ {"name":"column","matcherOptions":{"wildCard":false}}
+ ]
+ },
+ "rowFilterDef": {
+ "accessTypes":[
+ {"name":"select","label":"Select"}
+ ],
+ "resources":[
+ {"name":"database","matcherOptions":{"wildCard":false}},
+ {"name":"table","matcherOptions":{"wildCard":false}}
+ ]
+ }
+ },
+
+ "policies":[
+ {"id":1,"name":"db=*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"database":{"values":["*"]},"table":{"values":["*"]},"column":{"values":["*"]}},
+ "policyItems":[
+ {"accesses":[{"type":"all","isAllowed":true}],"users":["hive", "user1", "user2"],"groups":["public"],"delegateAdmin":false}
+ ]
+ },
+ {"id":101,"name":"db=employee, table=personal, column=ssn: mask ssn column","isEnabled":true,"isAuditEnabled":true,"policyType":1,
+ "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]},"column":{"values":["ssn"]}},
+ "dataMaskPolicyItems":[
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false,
+ "dataMaskInfo": {"dataMaskType":"MASK"}
+ },
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false,
+ "dataMaskInfo": {"dataMaskType":"SHUFFLE"}
+ }
+ ]
+ },
+ {"id":102,"name":"db=hr, table=employee, column=date_of_birth: mask date_of_birth column","isEnabled":true,"isAuditEnabled":true,"policyType":1,
+ "resources":{"database":{"values":["hr"]},"table":{"values":["employee"]},"column":{"values":["date_of_birth"]}},
+ "dataMaskPolicyItems":[
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false,
+ "dataMaskInfo": {"dataMaskType":"MASK"}
+ },
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false,
+ "dataMaskInfo": {"dataMaskType":"SHUFFLE"}
+ }
+ ]
+ },
+ {"id":201,"name":"db=employee, table=personal","isEnabled":true,"isAuditEnabled":true,"policyType":2,
+ "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]}},
+ "rowFilterPolicyItems":[
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false,
+ "rowFilterInfo": {"filterExpr":"location='US'"}
+ },
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false,
+ "rowFilterInfo": {"filterExpr":"location='CA'"}
+ }
+ ]
+ },
+ {"id":202,"name":"db=hr, table=employee","isEnabled":true,"isAuditEnabled":true,"policyType":2,
+ "resources":{"database":{"values":["hr"]},"table":{"values":["employee"]}},
+ "rowFilterPolicyItems":[
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false,
+ "rowFilterInfo": {"filterExpr":"dept='production'"}
+ },
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false,
+ "rowFilterInfo": {"filterExpr":"dept='purchase'"}
+ }
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"'select ssn from employee.personal;' for user1 - maskType=MASK",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
+ "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1"
+ },
+ "dataMaskResult":{"maskType":"MASK","maskCondition":null,"maskValue":null,"policyId":101}
+ },
+ {"name":"'select ssn from employee.personal;' for user2 - maskType=SHUFFLE",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
+ "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2"
+ },
+ "dataMaskResult":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null,"policyId":101}
+ },
+ {"name":"'select ssn from employee.personal;' for user3 - no-mask",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
+ "accessType":"select","user":"user3","userGroups":[],"requestData":"select ssn from employee.personal;' for user3"
+ },
+ "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
+ },
+ {"name":"'select name from employee.personal;' for user1 - no-mask",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal", "column":"name"}},
+ "accessType":"select","user":"user1","userGroups":[],"requestData":"select name from employee.personal;' for user1"
+ },
+ "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
+ },
+ {"name":"'select date_of_birth from hr.employee;' for user1 - maskType=MASK",
+ "request":{
+ "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth"}},
+ "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user1"
+ },
+ "dataMaskResult":{"maskType":"MASK","maskCondition":null,"maskValue":null,"policyId":102}
+ },
+ {"name":"'select date_of_birth from hr.employee;' for user2 - maskType=SHUFFLE",
+ "request":{
+ "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth"}},
+ "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr.employee2;' for user2"
+ },
+ "dataMaskResult":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null,"policyId":102}
+ },
+ {"name":"'select date_of_birth1 from hr.employee;' for user1 - no-mask",
+ "request":{
+ "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth1"}},
+ "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth1 from hr.employee;' for user1"
+ },
+ "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
+ },
+ {"name":"'select date_of_birth from hr2.employee2;' for user2 - no-mask",
+ "request":{
+ "resource":{"elements":{"database":"hr2", "table":"employee2", "column":"date_of_birth"}},
+ "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr2.employee2;' for user2"
+ },
+ "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
+ },
+ {"name":"'select ssn from employee.personal;' for user1 - filterExpr=location='US'",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal"}},
+ "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1"
+ },
+ "rowFilterResult":{"filterExpr":"location='US'","policyId":201}
+ },
+ {"name":"'select ssn from employee.personal;' for user2 - filterExpr=location='CA'",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal"}},
+ "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2"
+ },
+ "rowFilterResult":{"filterExpr":"location='CA'","policyId":201}
+ },
+ {"name":"'select ssn from employee.personal;' for user3 - no-filter",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal"}},
+ "accessType":"select","user":"user3","userGroups":[],"requestData":"select ssn from employee.personal;' for user3"
+ },
+ "rowFilterResult":{"filterExpr":null,"policyId":-1}
+ },
+ {"name":"'select name from employee.personal;' for group3 - no-filter",
+ "request":{
+ "resource":{"elements":{"database":"employee", "table":"personal"}},
+ "accessType":"select","user":"user5","userGroups":["group3"],"requestData":"select name from employee.personal;' for user5/group3"
+ },
+ "rowFilterResult":{"filterExpr":null,"policyId":-1}
+ },
+ {"name":"'select date_of_birth from hr.employee;' for user1 - filterExpr=dept='production'",
+ "request":{
+ "resource":{"elements":{"database":"hr", "table":"employee"}},
+ "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user1"
+ },
+ "rowFilterResult":{"filterExpr":"dept='production'","policyId":202}
+ },
+ {"name":"'select date_of_birth from hr.employee;' for user2 - filterExpr=dept='purchase'",
+ "request":{
+ "resource":{"elements":{"database":"hr", "table":"employee"}},
+ "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr.employee2;' for user2"
+ },
+ "rowFilterResult":{"filterExpr":"dept='purchase'","policyId":202}
+ },
+ {"name":"'select date_of_birth from hr.employee;' for user3 - no-filter",
+ "request":{
+ "resource":{"elements":{"database":"hr", "table":"employee"}},
+ "accessType":"select","user":"user3","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user3"
+ },
+ "rowFilterResult":{"filterExpr":null,"policyId":-1}
+ },
+ {"name":"'select date_of_birth from hr2.employee2;' for user2 - no-mask",
+ "request":{
+ "resource":{"elements":{"database":"hr2", "table":"employee2"}},
+ "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr2.employee2;' for user2"
+ },
+ "rowFilterResult":{"filterExpr":null,"policyId":-1}
+ }
+ ]
+}
+
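Review bot: The final row-filter case (`select date_of_birth from hr2.employee2;` for user2) is named `- no-mask` although it asserts a `rowFilterResult`, and the `requestData` of the two hr.employee cases for user2 reads `hr.employee2` while the resource elements are `hr`/`employee`; both look like copy-paste leftovers and make a failing case harder to identify. Rename that case to `... - no-filter` and use `hr.employee` in those two `requestData` strings. Every mask and filter policy item in this fixture is matched by user name with `"groups":[]`, so a mask or filter item that applies through `userGroups` is never exercised; one such case would cover that path. The `NULL` mask type is defined in `dataMaskDef` but no policy or test uses it.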
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json b/agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json
deleted file mode 100644
index b0e4557..0000000
--- a/agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json
+++ /dev/null
@@ -1,156 +0,0 @@
-{
- "serviceName":"hivedev",
-
- "serviceDef":{
- "name":"hive",
- "id":3,
- "resources":[
- {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
- {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
- {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
- {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
- ],
- "accessTypes":[
- {"name":"select","label":"Select"},
- {"name":"update","label":"Update"},
- {"name":"create","label":"Create"},
- {"name":"drop","label":"Drop"},
- {"name":"alter","label":"Alter"},
- {"name":"index","label":"Index"},
- {"name":"lock","label":"Lock"},
- {"name":"all","label":"All",
- "impliedGrants": [
- "select",
- "update",
- "create",
- "drop",
- "alter",
- "index",
- "lock"
- ]
- }
- ],
- "dataMaskDef": {
- "maskTypes": [
- {
- "itemId": 1,
- "name": "MASK",
- "label": "Mask",
- "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'"
- },
- {
- "itemId": 2,
- "name": "SHUFFLE",
- "label": "Shuffle",
- "description": "Randomly shuffle the contents"
- },
- {
- "itemId": 10,
- "name": "NULL",
- "label": "NULL",
- "description": "Replace with NULL"
- }
-
- ],
- "accessTypes":[
- {"name":"select","label":"Select"}
- ],
- "resources":[
- {"name":"database","matcherOptions":{"wildCard":false}},
- {"name":"table","matcherOptions":{"wildCard":false}},
- {"name":"column","matcherOptions":{"wildCard":false}}
- ]
- }
- },
-
- "policies":[
- {"id":1,"name":"db=*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
- "resources":{"database":{"values":["*"]},"table":{"values":["*"]},"column":{"values":["*"]}},
- "policyItems":[
- {"accesses":[{"type":"all","isAllowed":true}],"users":["hive", "user1", "user2"],"groups":["public"],"delegateAdmin":false}
- ]
- },
- {"id":101,"name":"db=*, table=*, column=ssn: mask ssn column in all tables, databases","isEnabled":true,"isAuditEnabled":true,"policyType":1,
- "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]},"column":{"values":["ssn"]}},
- "dataMaskPolicyItems":[
- {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false,
- "dataMaskInfo": {"dataMaskType":"MASK"}
- },
- {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false,
- "dataMaskInfo": {"dataMaskType":"SHUFFLE"}
- }
- ]
- },
- {"id":102,"name":"db=hr, table=*, column=date_of_birth: mask date_of_birth column in all tables in hr database","isEnabled":true,"isAuditEnabled":true,"policyType":1,
- "resources":{"database":{"values":["hr"]},"table":{"values":["employee"]},"column":{"values":["date_of_birth"]}},
- "dataMaskPolicyItems":[
- {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false,
- "dataMaskInfo": {"dataMaskType":"MASK"}
- },
- {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false,
- "dataMaskInfo": {"dataMaskType":"SHUFFLE"}
- }
- ]
- }
- ],
-
- "tests":[
- {"name":"'select ssn from employee.personal;' for user1 - maskType=MASK",
- "request":{
- "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
- "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1"
- },
- "dataMaskResult":{"maskType":"MASK","maskCondition":null,"maskValue":null,"policyId":101}
- },
- {"name":"'select ssn from employee.personal;' for user2 - maskType=SHUFFLE",
- "request":{
- "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
- "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2"
- },
- "dataMaskResult":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null,"policyId":101}
- },
- {"name":"'select ssn from employee.personal;' for user3 - no-mask",
- "request":{
- "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
- "accessType":"select","user":"user3","userGroups":[],"requestData":"select ssn from employee.personal;' for user3"
- },
- "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
- },
- {"name":"'select name from employee.personal;' for user1 - no-mask",
- "request":{
- "resource":{"elements":{"database":"employee", "table":"personal", "column":"name"}},
- "accessType":"select","user":"user1","userGroups":[],"requestData":"select name from employee.personal;' for user1"
- },
- "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
- },
- {"name":"'select date_of_birth from hr.employee;' for user1 - maskType=MASK",
- "request":{
- "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth"}},
- "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth from hr.employee;' for user1"
- },
- "dataMaskResult":{"maskType":"MASK","maskCondition":null,"maskValue":null,"policyId":102}
- },
- {"name":"'select date_of_birth from hr.employee;' for user2 - maskType=SHUFFLE",
- "request":{
- "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth"}},
- "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr.employee2;' for user2"
- },
- "dataMaskResult":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null,"policyId":102}
- },
- {"name":"'select date_of_birth1 from hr.employee;' for user1 - no-mask",
- "request":{
- "resource":{"elements":{"database":"hr", "table":"employee", "column":"date_of_birth1"}},
- "accessType":"select","user":"user1","userGroups":[],"requestData":"select date_of_birth1 from hr.employee;' for user1"
- },
- "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
- },
- {"name":"'select date_of_birth from hr2.employee2;' for user2 - no-mask",
- "request":{
- "resource":{"elements":{"database":"hr2", "table":"employee2", "column":"date_of_birth"}},
- "accessType":"select","user":"user2","userGroups":[],"requestData":"select date_of_birth from hr2.employee2;' for user2"
- },
- "dataMaskResult":{"maskType":null,"maskCondition":null,"maskValue":null,"policyId":-1}
- }
- ]
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index e0e1e7a..a2a49ad 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -30,6 +30,7 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import com.google.common.collect.Lists;
+import org.apache.ranger.plugin.policyengine.RangerDataMaskResult;
public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
@@ -59,14 +60,19 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
RangerAccessResource resource = request.getResource();
String accessType = null;
- if(request instanceof RangerHiveAccessRequest) {
- RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest)request;
- accessType = hiveRequest.getHiveAccessType().toString();
- }
+ if(result instanceof RangerDataMaskResult) {
+ accessType = ((RangerDataMaskResult)result).getMaskType();
+ } else {
+ if (request instanceof RangerHiveAccessRequest) {
+ RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) request;
- if(StringUtils.isEmpty(accessType)) {
- accessType = request.getAccessType();
+ accessType = hiveRequest.getHiveAccessType().toString();
+ }
+
+ if (StringUtils.isEmpty(accessType)) {
+ accessType = request.getAccessType();
+ }
}
String resourcePath = resource != null ? resource.getAsString() : null;
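Review bot: When `result` is a `RangerDataMaskResult` whose `getMaskType()` returns null, `accessType` is left empty, because the `StringUtils.isEmpty(accessType)` fallback now sits only inside the `else` branch. The test fixture added in this commit expects `"maskType":null` for unmatched requests, so this state looks reachable if such results reach the audit handler, which is not visible here. Moving the fallback below the if/else, `if (StringUtils.isEmpty(accessType)) { accessType = request.getAccessType(); }`, keeps the audit record's access type populated on both paths. For mask results the audit entry now carries the mask type instead of the Hive operation; a one-line comment saying this is intended would help readers of the audit trail, and the method body continues outside the hunk.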
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/db/mysql/patches/020-datamask-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/020-datamask-policy.sql b/security-admin/db/mysql/patches/020-datamask-policy.sql
index 8a612b3..fffa613 100644
--- a/security-admin/db/mysql/patches/020-datamask-policy.sql
+++ b/security-admin/db/mysql/patches/020-datamask-policy.sql
@@ -22,6 +22,9 @@ delimiter ;;
if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_access_type_def' and column_name = 'datamask_options') then
ALTER TABLE `x_access_type_def` ADD `datamask_options` varchar(1024) DEFAULT NULL;
end if;
+ if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_access_type_def' and column_name = 'rowfilter_options') then
+ ALTER TABLE `x_access_type_def` ADD `rowfilter_options` varchar(1024) DEFAULT NULL;
+ end if;
end if;
end;;
@@ -38,6 +41,9 @@ delimiter ;;
if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_resource_def' and column_name = 'datamask_options') then
ALTER TABLE `x_resource_def` ADD `datamask_options` varchar(1024) DEFAULT NULL;
end if;
+ if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_resource_def' and column_name = 'rowfilter_options') then
+ ALTER TABLE `x_resource_def` ADD `rowfilter_options` varchar(1024) DEFAULT NULL;
+ end if;
end if;
end;;
@@ -93,3 +99,20 @@ CONSTRAINT `x_policy_item_datamask_FK_added_by_id` FOREIGN KEY (`added_by_id`) R
CONSTRAINT `x_policy_item_datamask_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
);
CREATE INDEX x_policy_item_datamask_IDX_policy_item_id ON x_policy_item_datamask(policy_item_id);
+
+DROP TABLE IF EXISTS `x_policy_item_rowfilter`;
+CREATE TABLE `x_policy_item_rowfilter` (
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
+`guid` varchar(1024) DEFAULT NULL,
+`create_time` datetime DEFAULT NULL,
+`update_time` datetime DEFAULT NULL,
+`added_by_id` bigint(20) DEFAULT NULL,
+`upd_by_id` bigint(20) DEFAULT NULL,
+`policy_item_id` bigint(20) NOT NULL,
+`filter_expr` varchar(1024) DEFAULT NULL,
+primary key (id),
+CONSTRAINT `x_policy_item_rowfilter_FK_policy_item_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`) ,
+CONSTRAINT `x_policy_item_rowfilter_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_item_rowfilter_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+);
+CREATE INDEX x_policy_item_rowfilter_IDX_policy_item_id ON x_policy_item_rowfilter(policy_item_id);
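Review bot: `filter_expr` is `varchar(1024)`, and on a MySQL server that is not in strict SQL mode a longer value is truncated on insert rather than rejected; a truncated row-filter predicate can be a different, wider predicate than the one the administrator wrote. Either enforce the length limit before the insert (not visible in this diff) or use a type that cannot truncate silently, e.g. `filter_expr text DEFAULT NULL`. The `DROP TABLE IF EXISTS` ahead of the `CREATE TABLE` discards any stored row filters if this patch file is ever applied to a database that already holds them, leaving those tables unfiltered; guarding the creation with an existence check, as the column additions earlier in this file do, would avoid that. The drop also applies to the `x_policy_item_rowfilter` hunk in the postgres patch, where over-long values are rejected rather than truncated, so only the drop matters there.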
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/db/postgres/patches/020-datamask-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/patches/020-datamask-policy.sql b/security-admin/db/postgres/patches/020-datamask-policy.sql
index d000822..393684b 100644
--- a/security-admin/db/postgres/patches/020-datamask-policy.sql
+++ b/security-admin/db/postgres/patches/020-datamask-policy.sql
@@ -20,11 +20,16 @@ CREATE OR REPLACE FUNCTION add_datamask_options_to_x_access_type_def_table()
RETURNS void AS $$
DECLARE
exists_access_type_def_datamask_options integer := 0;
+ exists_access_type_def_rowfilter_options integer := 0;
BEGIN
select count(*) into exists_access_type_def_datamask_options from pg_attribute where attrelid in(select oid from pg_class where relname='x_access_type_def') and attname='datamask_options';
+ select count(*) into exists_access_type_def_rowfilter_options from pg_attribute where attrelid in(select oid from pg_class where relname='x_access_type_def') and attname='rowfilter_options';
IF exists_access_type_def_datamask_options = 0 THEN
ALTER TABLE x_access_type_def ADD COLUMN datamask_options VARCHAR(1024) DEFAULT NULL;
END IF;
+ IF exists_access_type_def_rowfilter_options = 0 THEN
+ ALTER TABLE x_access_type_def ADD COLUMN rowfilter_options VARCHAR(1024) DEFAULT NULL;
+ END IF;
END;
$$ LANGUAGE plpgsql;
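Review bot: The new existence check looks up `x_access_type_def` in `pg_class` by `relname` alone, so a table of that name in another schema of the same database that already has a `rowfilter_options` column makes the count non-zero and the `ALTER TABLE` is skipped. The MySQL version of this patch restricts its check with `table_schema=database()`; the equivalent here is to add `and relnamespace = (select oid from pg_namespace where nspname = current_schema())` to the inner select. The same applies to the `x_resource_def` check in the next hunk, and the existing `datamask_options` lookups follow the same pattern.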
@@ -33,11 +38,16 @@ CREATE OR REPLACE FUNCTION add_datamask_options_to_x_resource_def_table()
RETURNS void AS $$
DECLARE
exists_resource_def_datamask_options integer := 0;
+ exists_resource_def_rowfilter_options integer := 0;
BEGIN
select count(*) into exists_resource_def_datamask_options from pg_attribute where attrelid in(select oid from pg_class where relname='x_resource_def') and attname='datamask_options';
+ select count(*) into exists_resource_def_rowfilter_options from pg_attribute where attrelid in(select oid from pg_class where relname='x_resource_def') and attname='rowfilter_options';
IF exists_resource_def_datamask_options = 0 THEN
ALTER TABLE x_resource_def ADD COLUMN datamask_options VARCHAR(1024) DEFAULT NULL;
END IF;
+ IF exists_resource_def_rowfilter_options = 0 THEN
+ ALTER TABLE x_resource_def ADD COLUMN rowfilter_options VARCHAR(1024) DEFAULT NULL;
+ END IF;
END;
$$ LANGUAGE plpgsql;
@@ -96,3 +106,23 @@ CREATE TABLE x_policy_item_datamask (
CONSTRAINT x_policy_item_datamask_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
);
CREATE INDEX x_policy_item_datamask_IDX_policy_item_id ON x_policy_item_datamask(policy_item_id);
+
+DROP TABLE IF EXISTS x_policy_item_rowfilter;
+DROP SEQUENCE IF EXISTS x_policy_item_rowfilter_seq;
+
+CREATE SEQUENCE x_policy_item_rowfilter_seq;
+CREATE TABLE x_policy_item_rowfilter (
+ id BIGINT DEFAULT nextval('x_policy_item_rowfilter_seq'::regclass),
+ guid VARCHAR(1024) DEFAULT NULL,
+ create_time TIMESTAMP DEFAULT NULL,
+ update_time TIMESTAMP DEFAULT NULL,
+ added_by_id BIGINT DEFAULT NULL,
+ upd_by_id BIGINT DEFAULT NULL,
+ policy_item_id BIGINT NOT NULL,
+ filter_expr VARCHAR(1024) DEFAULT NULL,
+ primary key (id),
+ CONSTRAINT x_policy_item_rowfilter_FK_policy_item_id FOREIGN KEY (policy_item_id) REFERENCES x_policy_item (id) ,
+ CONSTRAINT x_policy_item_rowfilter_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_policy_item_rowfilter_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+CREATE INDEX x_policy_item_rowfilter_IDX_policy_item_id ON x_policy_item_rowfilter(policy_item_id);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 89daaea..469ebbe 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -37,7 +37,9 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemRowFilterInfo;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
import org.apache.ranger.plugin.util.RangerPerfTracer;
@@ -408,7 +410,8 @@ public class RangerPolicyRetriever {
final ListIterator<XXPolicyItemGroupPerm> iterGroupPerms;
final ListIterator<XXPolicyItemAccess> iterAccesses;
final ListIterator<XXPolicyItemCondition> iterConditions;
- final ListIterator<XXPolicyItemDataMaskInfo> iterDataMaskInfos;
+ final ListIterator<XXPolicyItemDataMaskInfo> iterDataMaskInfos;
+ final ListIterator<XXPolicyItemRowFilterInfo> iterRowFilterInfos;
RetrieverContext(XXService xService) {
Long serviceId = xService == null ? null : xService.getId();
@@ -421,7 +424,8 @@ public class RangerPolicyRetriever {
List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByServiceId(serviceId);
List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByServiceId(serviceId);
List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByServiceId(serviceId);
- List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByServiceId(serviceId);
+ List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByServiceId(serviceId);
+ List<XXPolicyItemRowFilterInfo> xRowFilterInfos = daoMgr.getXXPolicyItemRowFilterInfo().findByServiceId(serviceId);
this.service = xService;
this.iterPolicy = xPolicies.listIterator();
@@ -432,7 +436,8 @@ public class RangerPolicyRetriever {
this.iterGroupPerms = xGroupPerms.listIterator();
this.iterAccesses = xAccesses.listIterator();
this.iterConditions = xConditions.listIterator();
- this.iterDataMaskInfos = xDataMaskInfos.listIterator();
+ this.iterDataMaskInfos = xDataMaskInfos.listIterator();
+ this.iterRowFilterInfos = xRowFilterInfos.listIterator();
}
RetrieverContext(XXPolicy xPolicy) {
@@ -450,7 +455,8 @@ public class RangerPolicyRetriever {
List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByPolicyId(policyId);
List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByPolicyId(policyId);
List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByPolicyId(policyId);
- List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByPolicyId(policyId);
+ List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByPolicyId(policyId);
+ List<XXPolicyItemRowFilterInfo> xRowFilterInfos = daoMgr.getXXPolicyItemRowFilterInfo().findByPolicyId(policyId);
this.service = xService;
this.iterPolicy = xPolicies.listIterator();
@@ -461,7 +467,8 @@ public class RangerPolicyRetriever {
this.iterGroupPerms = xGroupPerms.listIterator();
this.iterAccesses = xAccesses.listIterator();
this.iterConditions = xConditions.listIterator();
- this.iterDataMaskInfos = xDataMaskInfos.listIterator();
+ this.iterDataMaskInfos = xDataMaskInfos.listIterator();
+ this.iterRowFilterInfos = xRowFilterInfos.listIterator();
}
RangerPolicy getNextPolicy() {
@@ -549,7 +556,8 @@ public class RangerPolicyRetriever {
|| iterGroupPerms.hasNext()
|| iterAccesses.hasNext()
|| iterConditions.hasNext()
- || iterDataMaskInfos.hasNext();
+ || iterDataMaskInfos.hasNext()
+ || iterRowFilterInfos.hasNext();
return !moreToProcess;
}
@@ -592,15 +600,22 @@ public class RangerPolicyRetriever {
XXPolicyItem xPolicyItem = iterPolicyItems.next();
if(xPolicyItem.getPolicyid().equals(policy.getId())) {
- final RangerPolicyItem policyItem;
- final RangerDataMaskPolicyItem dataMaskPolicyItem;
-
- if(xPolicyItem.getItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING) {
- dataMaskPolicyItem = new RangerDataMaskPolicyItem();
- policyItem = dataMaskPolicyItem;
+ final RangerPolicyItem policyItem;
+ final RangerDataMaskPolicyItem dataMaskPolicyItem;
+ final RangerRowFilterPolicyItem rowFilterPolicyItem;
+
+ if(xPolicyItem.getItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK) {
+ dataMaskPolicyItem = new RangerDataMaskPolicyItem();
+ rowFilterPolicyItem = null;
+ policyItem = dataMaskPolicyItem;
+ } else if(xPolicyItem.getItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER) {
+ dataMaskPolicyItem = null;
+ rowFilterPolicyItem = new RangerRowFilterPolicyItem();
+ policyItem = rowFilterPolicyItem;
} else {
- dataMaskPolicyItem = null;
- policyItem = new RangerPolicyItem();
+ dataMaskPolicyItem = null;
+ rowFilterPolicyItem = null;
+ policyItem = new RangerPolicyItem();
}
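Review bot: The type test `xPolicyItem.getItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK` and the new `POLICY_ITEM_TYPE_ROWFILTER` branch dereference `getItemType()` directly, while the later line `int itemType = xPolicyItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : xPolicyItem.getItemType();` treats a null item type as valid. If the constants are primitive `int`, a row with a null item type throws a NullPointerException on unboxing here, before that default is applied. Moving the null-defaulting `int itemType = ...` line above this branch and testing `itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK` and `itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER` would keep the two places consistent. The enclosing method starts and ends outside this hunk.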
@@ -674,7 +689,7 @@ public class RangerPolicyRetriever {
while (iterDataMaskInfos.hasNext()) {
XXPolicyItemDataMaskInfo xDataMaskInfo = iterDataMaskInfos.next();
- if (xDataMaskInfo.getPolicyitemid().equals(xPolicyItem.getId())) {
+ if (xDataMaskInfo.getPolicyItemId().equals(xPolicyItem.getId())) {
dataMaskPolicyItem.setDataMaskInfo(new RangerPolicyItemDataMaskInfo(lookupCache.getDataMaskName(xDataMaskInfo.getType()), xDataMaskInfo.getConditionExpr(), xDataMaskInfo.getValueExpr()));
} else {
if (iterDataMaskInfos.hasPrevious()) {
@@ -685,6 +700,21 @@ public class RangerPolicyRetriever {
}
}
+ if(rowFilterPolicyItem != null) {
+ while (iterRowFilterInfos.hasNext()) {
+ XXPolicyItemRowFilterInfo xRowFilterInfo = iterRowFilterInfos.next();
+
+ if (xRowFilterInfo.getPolicyItemId().equals(xPolicyItem.getId())) {
+ rowFilterPolicyItem.setRowFilterInfo(new RangerPolicyItemRowFilterInfo(xRowFilterInfo.getFilterExpr()));
+ } else {
+ if (iterRowFilterInfos.hasPrevious()) {
+ iterRowFilterInfos.previous();
+ }
+ break;
+ }
+ }
+ }
+
int itemType = xPolicyItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : xPolicyItem.getItemType();
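Review bot: Nothing after the new `while (iterRowFilterInfos.hasNext())` loop checks that a filter was attached, so a row-filter item can be returned with `getRowFilterInfo()` still null. This happens when its `XXPolicyItemRowFilterInfo` row is missing or sits behind a non-matching row in the iterator. The `else` branch rewinds and breaks on any row with a different policy item id, which is only correct if the rows arrive in the same order as the policy items; that ordering comes from the `findByServiceId`/`findByPolicyId` queries, which are not visible here. Depending on how the evaluator treats null, a missing expression may mean the item restricts nothing, so I would log it: `if (rowFilterPolicyItem.getRowFilterInfo() == null) { LOG.warn("row-filter policy item " + xPolicyItem.getId() + " has no filter expression"); }`. A one-line comment on the loop stating the ordering assumption would also help; the data-mask loop above has the same shape.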
@@ -696,10 +726,12 @@ public class RangerPolicyRetriever {
policy.getAllowExceptions().add(policyItem);
} else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) {
policy.getDenyExceptions().add(policyItem);
- } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING) {
+ } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK) {
policy.getDataMaskPolicyItems().add(dataMaskPolicyItem);
- } else { // unknown itemType.. set to default type
- policy.getPolicyItems().add(policyItem);
+ } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER) {
+ policy.getRowFilterPolicyItems().add(rowFilterPolicyItem);
+ } else { // unknown itemType
+ LOG.warn("RangerPolicyRetriever.getPolicy(policyId=" + policy.getId() + "): ignoring unknown policyItemType " + itemType);
}
} else if(xPolicyItem.getPolicyid().compareTo(policy.getId()) > 0) {
if(iterPolicyItems.hasPrevious()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index c4a823c..a8f063b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -34,9 +34,12 @@ import org.apache.ranger.db.*;
import org.apache.ranger.entity.*;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemRowFilterInfo;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
import org.apache.ranger.plugin.model.RangerService;
@@ -49,6 +52,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
@@ -212,9 +216,14 @@ public class ServiceDBStore extends AbstractServiceStore {
List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions();
List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers();
List<RangerEnumDef> enums = serviceDef.getEnums();
- RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
+ RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
+ RangerRowFilterDef rowFilterDef = serviceDef.getRowFilterDef();
+ List<RangerDataMaskTypeDef> dataMaskTypes = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
+ List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
+ List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
+ List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
+ List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
-
// While creating, value of version should be 1.
serviceDef.setVersion(Long.valueOf(1));
@@ -325,93 +334,100 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
- if(dataMaskDef != null) {
- List<RangerDataMaskTypeDef> dataMaskTypes = dataMaskDef.getMaskTypes();
- List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef.getAccessTypes();
- List<RangerResourceDef> dataMaskResources = dataMaskDef.getResources();
+ XXDataMaskTypeDefDao xxDataMaskDefDao = daoMgr.getXXDataMaskTypeDef();
+ for (int i = 0; i < dataMaskTypes.size(); i++) {
+ RangerDataMaskTypeDef dataMask = dataMaskTypes.get(i);
- if(CollectionUtils.isNotEmpty(dataMaskTypes)) {
- XXDataMaskTypeDefDao xxDataMaskDefDao = daoMgr.getXXDataMaskTypeDef();
- for (int i = 0; i < dataMaskTypes.size(); i++) {
- RangerDataMaskTypeDef dataMask = dataMaskTypes.get(i);
+ XXDataMaskTypeDef xDataMaskDef = new XXDataMaskTypeDef();
+ xDataMaskDef = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xDataMaskDef, createdSvcDef,
+ RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xDataMaskDef.setOrder(i);
+ xDataMaskDef = xxDataMaskDefDao.create(xDataMaskDef);
+ }
- XXDataMaskTypeDef xDataMaskDef = new XXDataMaskTypeDef();
- xDataMaskDef = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xDataMaskDef, createdSvcDef,
- RangerServiceDefService.OPERATION_CREATE_CONTEXT);
- xDataMaskDef.setOrder(i);
- xDataMaskDef = xxDataMaskDefDao.create(xDataMaskDef);
- }
+ List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(createdSvcDef.getId());
+
+ for(RangerAccessTypeDef accessType : dataMaskAccessTypes) {
+ if(! isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
+ throw restErrorUtil.createRESTException("accessType with name: "
+ + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
+ }
- if(CollectionUtils.isNotEmpty(dataMaskAccessTypes)) {
- List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(xServiceDef.getId());
+ for(RangerAccessTypeDef accessType : rowFilterAccessTypes) {
+ if(! isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
+ throw restErrorUtil.createRESTException("accessType with name: "
+ + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
+ }
+ }
- for(RangerAccessTypeDef accessType : dataMaskAccessTypes) {
- boolean found = false;
- for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
- if(StringUtils.equals(xxAccessTypeDef.getName(), accessType.getName())) {
- found = true;
+ for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
+ String dataMaskOptions = null;
+ String rowFilterOptions = null;
- break;
- }
- }
+ for(RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
+ if(StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
+ dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
+ break;
+ }
+ }
- if(! found) {
- throw restErrorUtil.createRESTException("accessType with name: "
- + accessType + " does not exists", MessageEnums.DATA_NOT_FOUND);
- }
+ for(RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
+ if(StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
+ rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
+ break;
}
+ }
- for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
- String dataMaskOptions = null;
+ if(!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) ||
+ !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
+ xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
+ xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
- for(RangerAccessTypeDef dataMaskAccessType : dataMaskAccessTypes) {
- if(StringUtils.equals(dataMaskAccessType.getName(), xxAccessTypeDef.getName())) {
- dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(dataMaskAccessType);
- break;
- }
- }
+ xxATDDao.update(xxAccessTypeDef);
+ }
+ }
- if(! StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions())) {
- xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
- xxATDDao.update(xxAccessTypeDef);
- }
- }
+ List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(createdSvcDef.getId());
+
+ for(RangerResourceDef resource : dataMaskResources) {
+ if(! isResourceInList(resource.getName(), xxResourceDefs)) {
+ throw restErrorUtil.createRESTException("resource with name: "
+ + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
+ }
- if(CollectionUtils.isNotEmpty(dataMaskResources)) {
- List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(xServiceDef.getId());
+ for(RangerResourceDef resource : rowFilterResources) {
+ if(! isResourceInList(resource.getName(), xxResourceDefs)) {
+ throw restErrorUtil.createRESTException("resource with name: "
+ + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
+ }
+ }
- for(RangerResourceDef resource : dataMaskResources) {
- boolean found = false;
- for(XXResourceDef xxResourceDef : xxResourceDefs) {
- if(StringUtils.equals(xxResourceDef.getName(), resource.getName())) {
- found = true;
- break;
- }
- }
+ for(XXResourceDef xxResourceDef : xxResourceDefs) {
+ String dataMaskOptions = null;
+ String rowFilterOptions = null;
- if(! found) {
- throw restErrorUtil.createRESTException("resource with name: "
- + resource + " does not exists", MessageEnums.DATA_NOT_FOUND);
- }
+ for(RangerResourceDef resource : dataMaskResources) {
+ if(StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
+ dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
+ break;
}
+ }
- for(XXResourceDef xxResourceDef : xxResourceDefs) {
- String dataMaskOptions = null;
+ for(RangerResourceDef resource : rowFilterResources) {
+ if(StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
+ rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
+ break;
+ }
+ }
- for(RangerResourceDef dataMaskResource : dataMaskResources) {
- if(StringUtils.equals(dataMaskResource.getName(), xxResourceDef.getName())) {
- dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(dataMaskResource);
- break;
- }
- }
+ if(!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) ||
+ !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
+ xxResourceDef.setDataMaskOptions(dataMaskOptions);
+ xxResourceDef.setRowFilterOptions(rowFilterOptions);
- if(! StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions())) {
- xxResourceDef.setDataMaskOptions(dataMaskOptions);
- xxResDefDao.update(xxResourceDef);
- }
- }
+ xxResDefDao.update(xxResourceDef);
}
}
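Review bot: The four existence checks and the two option-sync loops added here are repeated line for line in the `@@ -874,68 +896,82 @@` hunk of `updateChildObjectsOfServiceDef`, so the data-mask and row-filter validation now lives in two copies that must be kept in step. These checks decide which access types and resources a masking or row-filter definition may reference. I would therefore pull each pair into a private helper next to `isAccessTypeInList`/`isResourceInList` and call it from both places. The sketch below shows the access-type half; the resource half is analogous. The enclosing method starts and ends outside this hunk.

```java
private void validateAccessTypesExist(List<RangerAccessTypeDef> accessTypes, List<XXAccessTypeDef> xxAccessTypeDefs) {
    for(RangerAccessTypeDef accessType : accessTypes) {
        if(! isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: "
                    + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
}

// … unchanged: data mask type creation, xxAccessTypeDefs lookup …
validateAccessTypesExist(dataMaskAccessTypes, xxAccessTypeDefs);
validateAccessTypesExist(rowFilterAccessTypes, xxAccessTypeDefs);
// … unchanged: option-sync loops, resource checks …
```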
@@ -462,6 +478,7 @@ public class ServiceDBStore extends AbstractServiceStore {
List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers() != null ? serviceDef.getContextEnrichers() : new ArrayList<RangerContextEnricherDef>();
List<RangerEnumDef> enums = serviceDef.getEnums() != null ? serviceDef.getEnums() : new ArrayList<RangerEnumDef>();
RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
+ RangerRowFilterDef rowFilterDef = serviceDef.getRowFilterDef();
serviceDef.setCreateTime(existing.getCreateTime());
serviceDef.setGuid(existing.getGuid());
@@ -470,7 +487,7 @@ public class ServiceDBStore extends AbstractServiceStore {
serviceDef = serviceDefService.update(serviceDef);
XXServiceDef createdSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId);
- updateChildObjectsOfServiceDef(createdSvcDef, configs, resources, accessTypes, policyConditions, contextEnrichers, enums, dataMaskDef);
+ updateChildObjectsOfServiceDef(createdSvcDef, configs, resources, accessTypes, policyConditions, contextEnrichers, enums, dataMaskDef, rowFilterDef);
RangerServiceDef updatedSvcDef = getServiceDef(serviceDefId);
dataHistService.createObjectDataHistory(updatedSvcDef, RangerDataHistService.ACTION_UPDATE);
@@ -488,7 +505,7 @@ public class ServiceDBStore extends AbstractServiceStore {
private void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs,
List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes,
List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers,
- List<RangerEnumDef> enums, RangerServiceDef.RangerDataMaskDef dataMaskDef) {
+ List<RangerEnumDef> enums, RangerDataMaskDef dataMaskDef, RangerRowFilterDef rowFilterDef) {
Long serviceDefId = createdSvcDef.getId();
@@ -822,13 +839,18 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
- List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
- List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
- List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
- XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef();
- List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId);
+ List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
+ List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
+ List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
+ List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
+ List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
+ XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef();
+ List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId);
+ List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId);
+ List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId);
+
// create or update dataMasks
- for (RangerServiceDef.RangerDataMaskTypeDef dataMask : dataMasks) {
+ for (RangerDataMaskTypeDef dataMask : dataMasks) {
boolean found = false;
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
@@ -874,68 +896,82 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
- List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId);
-
for(RangerAccessTypeDef accessType : dataMaskAccessTypes) {
- boolean found = false;
- for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
- if(StringUtils.equals(xxAccessTypeDef.getName(), accessType.getName())) {
- found = true;
- break;
- }
+ if(! isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
+ throw restErrorUtil.createRESTException("accessType with name: "
+ + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
+ }
- if(! found) {
+ for(RangerAccessTypeDef accessType : rowFilterAccessTypes) {
+ if(! isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: "
- + accessType + " does not exists", MessageEnums.DATA_NOT_FOUND);
+ + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
String dataMaskOptions = null;
+ String rowFilterOptions = null;
+
+ for(RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
+ if(StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
+ dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
+ break;
+ }
+ }
- for(RangerAccessTypeDef dataMaskAccessType : dataMaskAccessTypes) {
- if(StringUtils.equals(dataMaskAccessType.getName(), xxAccessTypeDef.getName())) {
- dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(dataMaskAccessType);
+ for(RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
+ if(StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
+ rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
- if(! StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions())) {
+ if(!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) ||
+ !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
+ xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
xxATDDao.update(xxAccessTypeDef);
}
}
- List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId);
-
for(RangerResourceDef resource : dataMaskResources) {
- boolean found = false;
- for(XXResourceDef xxResourceDef : xxResourceDefs) {
- if(StringUtils.equals(xxResourceDef.getName(), resource.getName())) {
- found = true;
- break;
- }
+ if(! isResourceInList(resource.getName(), xxResourceDefs)) {
+ throw restErrorUtil.createRESTException("resource with name: "
+ + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
+ }
- if(! found) {
+ for(RangerResourceDef resource : rowFilterResources) {
+ if(! isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: "
- + resource + " does not exists", MessageEnums.DATA_NOT_FOUND);
+ + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for(XXResourceDef xxResourceDef : xxResourceDefs) {
- String dataMaskOptions = null;
+ String dataMaskOptions = null;
+ String rowFilterOptions = null;
- for(RangerResourceDef dataMaskResource : dataMaskResources) {
- if(StringUtils.equals(dataMaskResource.getName(), xxResourceDef.getName())) {
- dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(dataMaskResource);
+ for(RangerResourceDef resource : dataMaskResources) {
+ if(StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
+ dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
- if(! StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions())) {
+ for(RangerResourceDef resource : rowFilterResources) {
+ if(StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
+ rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
+ break;
+ }
+ }
+
+ if(!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) ||
+ !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
xxResourceDef.setDataMaskOptions(dataMaskOptions);
+ xxResourceDef.setRowFilterOptions(rowFilterOptions);
xxResDefDao.update(xxResourceDef);
}
}
@@ -1596,6 +1632,7 @@ public class ServiceDBStore extends AbstractServiceStore {
List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
List<RangerDataMaskPolicyItem> dataMaskItems = policy.getDataMaskPolicyItems();
+ List<RangerRowFilterPolicyItem> rowFilterItems = policy.getRowFilterPolicyItems();
policy.setVersion(Long.valueOf(1));
updatePolicySignature(policy);
@@ -1620,7 +1657,8 @@ public class ServiceDBStore extends AbstractServiceStore {
createNewPolicyItemsForPolicy(policy, xCreatedPolicy, denyPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
createNewPolicyItemsForPolicy(policy, xCreatedPolicy, allowExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
createNewPolicyItemsForPolicy(policy, xCreatedPolicy, denyExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
- createNewDataMaskPolicyItemsForPolicy(policy, xCreatedPolicy, dataMaskItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING);
+ createNewDataMaskPolicyItemsForPolicy(policy, xCreatedPolicy, dataMaskItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK);
+ createNewRowFilterPolicyItemsForPolicy(policy, xCreatedPolicy, rowFilterItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER);
handlePolicyUpdate(service);
RangerPolicy createdPolicy = policyService.getPopulatedViewObject(xCreatedPolicy);
dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE);
@@ -1674,7 +1712,8 @@ public class ServiceDBStore extends AbstractServiceStore {
List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems();
-
+ List<RangerRowFilterPolicyItem> rowFilterItems = policy.getRowFilterPolicyItems();
+
policy.setCreateTime(xxExisting.getCreateTime());
policy.setGuid(xxExisting.getGuid());
policy.setVersion(xxExisting.getVersion());
@@ -1694,7 +1733,8 @@ public class ServiceDBStore extends AbstractServiceStore {
createNewPolicyItemsForPolicy(policy, newUpdPolicy, denyPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
createNewPolicyItemsForPolicy(policy, newUpdPolicy, allowExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
createNewPolicyItemsForPolicy(policy, newUpdPolicy, denyExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
- createNewDataMaskPolicyItemsForPolicy(policy, newUpdPolicy, dataMaskPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING);
+ createNewDataMaskPolicyItemsForPolicy(policy, newUpdPolicy, dataMaskPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK);
+ createNewRowFilterPolicyItemsForPolicy(policy, newUpdPolicy, rowFilterItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER);
handlePolicyUpdate(service);
RangerPolicy updPolicy = policyService.getPopulatedViewObject(newUpdPolicy);
@@ -2284,7 +2324,7 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
- private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicy.RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception {
+ private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception {
XXPolicyItem xPolicyItem = new XXPolicyItem();
xPolicyItem = (XXPolicyItem) rangerAuditFields.populateAuditFields(xPolicyItem, xPolicy);
@@ -2393,7 +2433,7 @@ public class ServiceDBStore extends AbstractServiceStore {
XXPolicyItem xPolicyItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType);
- RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = policyItem.getDataMaskInfo();
+ RangerPolicyItemDataMaskInfo dataMaskInfo = policyItem.getDataMaskInfo();
if(dataMaskInfo != null) {
XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskInfo.getDataMaskType(), xPolicy.getService());
@@ -2404,7 +2444,7 @@ public class ServiceDBStore extends AbstractServiceStore {
XXPolicyItemDataMaskInfo xxDataMaskInfo = new XXPolicyItemDataMaskInfo();
- xxDataMaskInfo.setPolicyitemid(xPolicyItem.getId());
+ xxDataMaskInfo.setPolicyItemId(xPolicyItem.getId());
xxDataMaskInfo.setType(dataMaskDef.getId());
xxDataMaskInfo.setConditionExpr(dataMaskInfo.getConditionExpr());
xxDataMaskInfo.setValueExpr(dataMaskInfo.getValueExpr());
@@ -2415,6 +2455,27 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
+ private void createNewRowFilterPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerRowFilterPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception {
+ if(CollectionUtils.isNotEmpty(policyItems)) {
+ for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) {
+ RangerRowFilterPolicyItem policyItem = policyItems.get(itemOrder);
+
+ XXPolicyItem xPolicyItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType);
+
+ RangerPolicyItemRowFilterInfo dataMaskInfo = policyItem.getRowFilterInfo();
+
+ if(dataMaskInfo != null) {
+ XXPolicyItemRowFilterInfo xxRowFilterInfo = new XXPolicyItemRowFilterInfo();
+
+ xxRowFilterInfo.setPolicyItemId(xPolicyItem.getId());
+ xxRowFilterInfo.setFilterExpr(dataMaskInfo.getFilterExpr());
+
+ xxRowFilterInfo = daoMgr.getXXPolicyItemRowFilterInfo().create(xxRowFilterInfo);
+ }
+ }
+ }
+ }
+
private void createNewResourcesForPolicy(RangerPolicy policy, XXPolicy xPolicy, Map<String, RangerPolicyResource> resources) throws Exception {
for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
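Review bot: In `createNewRowFilterPolicyItemsForPolicy` the local that holds the row-filter info is named `dataMaskInfo`, a leftover from the data-mask method; `RangerPolicyItemRowFilterInfo rowFilterInfo = policyItem.getRowFilterInfo();` reads correctly. When that value is null the item is still stored with the row-filter item type but no `XXPolicyItemRowFilterInfo` row, and `getFilterExpr()` is persisted without any check for null or blank. Whether an item without an expression filters nothing or everything is decided outside this diff, so I would either reject such items here or add a comment stating that an absent filter is intentional.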
@@ -2491,6 +2552,12 @@ public class ServiceDBStore extends AbstractServiceStore {
polItemDataMaskInfoDao.remove(dataMaskInfo);
}
+ XXPolicyItemRowFilterInfoDao polItemRowFilterInfoDao = daoMgr.getXXPolicyItemRowFilterInfo();
+ List<XXPolicyItemRowFilterInfo> rowFilterInfos = polItemRowFilterInfoDao.findByPolicyItemId(polItemId);
+ for(XXPolicyItemRowFilterInfo rowFilterInfo : rowFilterInfos) {
+ polItemRowFilterInfoDao.remove(rowFilterInfo);
+ }
+
policyItemDao.remove(policyItem);
}
return true;
@@ -2628,4 +2695,23 @@ public class ServiceDBStore extends AbstractServiceStore {
return ret;
}
+ private boolean isAccessTypeInList(String accessType, List<XXAccessTypeDef> xAccessTypeDefs) {
+ for(XXAccessTypeDef xxAccessTypeDef : xAccessTypeDefs) {
+ if(StringUtils.equals(xxAccessTypeDef.getName(), accessType)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ private boolean isResourceInList(String resource, List<XXResourceDef> xResourceDefs) {
+ for(XXResourceDef xResourceDef : xResourceDefs) {
+ if(StringUtils.equals(xResourceDef.getName(), resource)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index e9c8394..6f53a24 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -34,7 +34,9 @@ import org.apache.ranger.entity.XXGroupPermission;
import org.apache.ranger.entity.XXModuleDef;
import org.apache.ranger.entity.XXUserPermission;
import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XModuleDefService;
@@ -1522,6 +1524,14 @@ public class XUserMgr extends XUserMgrBase {
removeUserGroupReferences(denyExceptions,null,vXGroup.getName());
rangerPolicy.setDenyExceptions(denyExceptions);
+ List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
+ removeUserGroupReferences(dataMaskItems,null,vXGroup.getName());
+ rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
+
+ List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
+ removeUserGroupReferences(rowFilterItems,null,vXGroup.getName());
+ rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
+
try {
svcStore.updatePolicy(rangerPolicy);
} catch (Throwable excp) {
@@ -1694,6 +1704,14 @@ public class XUserMgr extends XUserMgrBase {
removeUserGroupReferences(denyExceptions,vXUser.getName(),null);
rangerPolicy.setDenyExceptions(denyExceptions);
+ List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
+ removeUserGroupReferences(dataMaskItems,vXUser.getName(),null);
+ rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
+
+ List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
+ removeUserGroupReferences(rowFilterItems,vXUser.getName(),null);
+ rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
+
try{
svcStore.updatePolicy(rangerPolicy);
}catch(Throwable excp) {
@@ -1761,9 +1779,9 @@ public class XUserMgr extends XUserMgrBase {
}
}
- private void removeUserGroupReferences(List<RangerPolicyItem> policyItems, String user, String group) {
- List<RangerPolicyItem> itemsToRemove = null;
- for(RangerPolicyItem policyItem : policyItems) {
+ private <T extends RangerPolicyItem> void removeUserGroupReferences(List<T> policyItems, String user, String group) {
+ List<T> itemsToRemove = null;
+ for(T policyItem : policyItems) {
if(!StringUtil.isEmpty(user)) {
policyItem.getUsers().remove(user);
}
@@ -1772,7 +1790,7 @@ public class XUserMgr extends XUserMgrBase {
}
if(policyItem.getUsers().isEmpty() && policyItem.getGroups().isEmpty()) {
if(itemsToRemove == null) {
- itemsToRemove = new ArrayList<RangerPolicyItem>();
+ itemsToRemove = new ArrayList<T>();
}
itemsToRemove.add(policyItem);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index 6988750..3851069 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -583,11 +583,15 @@ public class AppConstants extends RangerCommonEnums {
* CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO".
*/
public static final int CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO = 1050;
+ /**
+ * CLASS_TYPE_RANGER_POLICY_ITEM_ROWFILTER_INFO is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_POLICY_ITEM_ROWFILTER_INFO".
+ */
+ public static final int CLASS_TYPE_RANGER_POLICY_ITEM_ROWFILTER_INFO = 1051;
/**
* Max value for enum ClassTypes_MAX
*/
- public static final int ClassTypes_MAX = 1050;
+ public static final int ClassTypes_MAX = 1051;
/***************************************************************
* Enum values for Default SortOrder
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
index 5431553..6559850 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
@@ -192,6 +192,9 @@ public abstract class RangerDaoManagerBase {
if (classType == AppConstants.CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO) {
return getXXPolicyItemDataMaskInfo();
}
+ if (classType== AppConstants.CLASS_TYPE_RANGER_POLICY_ITEM_ROWFILTER_INFO) {
+ return getXXPolicyItemRowFilterInfo();
+ }
logger.error("No DaoManager found for classType=" + classType, new Throwable());
return null;
@@ -352,6 +355,9 @@ public abstract class RangerDaoManagerBase {
if (className.equals("XXPolicyItemDataMaskInfo")) {
return getXXPolicyItemDataMaskInfo();
}
+ if (className.equals("XXPolicyItemRowFilterInfo")) {
+ return getXXPolicyItemRowFilterInfo();
+ }
logger.error("No DaoManager found for className=" + className, new Throwable());
return null;
@@ -566,5 +572,9 @@ public abstract class RangerDaoManagerBase {
return new XXPolicyItemDataMaskInfoDao(this);
}
+ public XXPolicyItemRowFilterInfoDao getXXPolicyItemRowFilterInfo() {
+ return new XXPolicyItemRowFilterInfoDao(this);
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
new file mode 100644
index 0000000..4618e7d
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.db;
+
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXPolicyItemRowFilterInfo;
+
+import javax.persistence.NoResultException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class XXPolicyItemRowFilterInfoDao extends BaseDao<XXPolicyItemRowFilterInfo> {
+
+ public XXPolicyItemRowFilterInfoDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXPolicyItemRowFilterInfo> findByPolicyItemId(Long polItemId) {
+ if(polItemId == null) {
+ return new ArrayList<XXPolicyItemRowFilterInfo>();
+ }
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXPolicyItemRowFilterInfo.findByPolicyItemId", tClass)
+ .setParameter("polItemId", polItemId).getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<XXPolicyItemRowFilterInfo>();
+ }
+ }
+
+ public List<XXPolicyItemRowFilterInfo> findByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return new ArrayList<XXPolicyItemRowFilterInfo>();
+ }
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXPolicyItemRowFilterInfo.findByPolicyId", tClass)
+ .setParameter("policyId", policyId).getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<XXPolicyItemRowFilterInfo>();
+ }
+ }
+
+ public List<XXPolicyItemRowFilterInfo> findByServiceId(Long serviceId) {
+ if(serviceId == null) {
+ return new ArrayList<XXPolicyItemRowFilterInfo>();
+ }
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXPolicyItemRowFilterInfo.findByServiceId", tClass)
+ .setParameter("serviceId", serviceId).getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<XXPolicyItemRowFilterInfo>();
+ }
+ }
+}
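Review bot: The `catch (NoResultException e)` branches in findByPolicyItemId, findByPolicyId and findByServiceId can never run, because `getResultList()` returns an empty list when nothing matches; JPA raises NoResultException only from `getSingleResult()`. Dropping the try/catch leaves each method as a null check plus the named query, and makes it plain that any other persistence error propagates to the caller. The class and its three finders have no Javadoc; a one-line comment such as `/** Returns the row-filter entries of the given policy item, or an empty list when polItemId is null. */` would document the null-input contract. The queries bind their ids with `setParameter`, which is the right form and should stay that way.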
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java
index 5bc22e0..719ada1 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java
@@ -103,6 +103,15 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable {
protected String dataMaskOptions;
/**
+ * rowFilterOptions of the XXAccessTypeDef
+ * <ul>
+ * </ul>
+ *
+ */
+ @Column(name = "rowfilter_options")
+ protected String rowFilterOptions;
+
+ /**
* This method sets the value to the member attribute <b> id</b> . You
* cannot set null to the attribute.
*
@@ -250,6 +259,10 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable {
this.dataMaskOptions = dataMaskOptions;
}
+ public String getRowFilterOptions() { return rowFilterOptions; }
+
+ public void setRowFilterOptions(String rowFilterOptions) { this.rowFilterOptions = rowFilterOptions; }
+
/*
* (non-Javadoc)
*
@@ -326,6 +339,13 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable {
} else if (!dataMaskOptions.equals(other.dataMaskOptions)) {
return false;
}
+ if (rowFilterOptions == null) {
+ if (other.rowFilterOptions != null) {
+ return false;
+ }
+ } else if (!rowFilterOptions.equals(other.rowFilterOptions)) {
+ return false;
+ }
return true;
}
@@ -338,7 +358,8 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable {
public String toString() {
return "XXAccessTypeDef [" + super.toString() + " id=" + id
+ ", defId=" + defId + ", itemId=" + itemId + ", name=" + name + ", label=" + label
- + ", rbKeyLabel=" + rbKeyLabel + ", dataMaskOptions=" + dataMaskOptions + ", order=" + order + "]";
+ + ", rbKeyLabel=" + rbKeyLabel + ", dataMaskOptions=" + dataMaskOptions
+ + ", rowFilterOptions=" + rowFilterOptions + ", order=" + order + "]";
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java
index 391f5a8..5561255 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java
@@ -41,16 +41,6 @@ public class XXPolicyItemDataMaskInfo extends XXDBBase implements
protected Long id;
/**
- * Global Id for the object
- * <ul>
- * <li>The maximum length for this attribute is <b>512</b>.
- * </ul>
- *
- */
- @Column(name = "guid", unique = true, nullable = false, length = 512)
- protected String GUID;
-
- /**
* policyItemId of the XXPolicyItemDataMaskInfo
* <ul>
* </ul>
@@ -107,28 +97,13 @@ public class XXPolicyItemDataMaskInfo extends XXDBBase implements
}
/**
- * @return the gUID
- */
- public String getGUID() {
- return GUID;
- }
-
- /**
- * @param gUID
- * the gUID to set
- */
- public void setGUID(String gUID) {
- GUID = gUID;
- }
-
- /**
* This method sets the value to the member attribute <b> policyItemId</b> .
* You cannot set null to the attribute.
*
* @param policyItemId
* Value to set member attribute <b> policyItemId</b>
*/
- public void setPolicyitemid(Long policyItemId) {
+ public void setPolicyItemId(Long policyItemId) {
this.policyItemId = policyItemId;
}
@@ -137,7 +112,7 @@ public class XXPolicyItemDataMaskInfo extends XXDBBase implements
*
* @return Date - value of member attribute <b>policyItemId</b> .
*/
- public Long getPolicyitemid() {
+ public Long getPolicyItemId() {
return this.policyItemId;
}
@@ -256,13 +231,6 @@ public class XXPolicyItemDataMaskInfo extends XXDBBase implements
} else if (!type.equals(other.type)) {
return false;
}
- if (GUID == null) {
- if (other.GUID != null) {
- return false;
- }
- } else if (!GUID.equals(other.GUID)) {
- return false;
- }
return true;
}
@@ -274,9 +242,8 @@ public class XXPolicyItemDataMaskInfo extends XXDBBase implements
@Override
public String toString() {
return "XXPolicyItemDataMaskInfo [" + super.toString() + " id=" + id
- + ", guid=" + GUID + ", policyItemId="
- + policyItemId + ", type=" + type + ", conditionExpr=" + conditionExpr
- + ", valueExpr=" + valueExpr + "]";
+ + ", policyItemId=" + policyItemId + ", type=" + type
+ + ", conditionExpr=" + conditionExpr + ", valueExpr=" + valueExpr + "]";
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java
new file mode 100644
index 0000000..6a63ad1
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.entity;
+
+import javax.persistence.*;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@Entity
+@Cacheable
+@XmlRootElement
+@Table(name = "x_policy_item_rowfilter")
+public class XXPolicyItemRowFilterInfo extends XXDBBase implements
+ java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+ /**
+ * id of the XXPolicyItemRowFilterInfo
+ * <ul>
+ * </ul>
+ *
+ */
+ @Id
+ @SequenceGenerator(name = "x_policy_item_rowfilter_SEQ", sequenceName = "x_policy_item_rowfilter_SEQ", allocationSize = 1)
+ @GeneratedValue(strategy = GenerationType.AUTO, generator = "x_policy_item_rowfilter_SEQ")
+ @Column(name = "id")
+ protected Long id;
+
+ /**
+ * policyItemId of the XXPolicyItemRowFilterInfo
+ * <ul>
+ * </ul>
+ *
+ */
+ @Column(name = "policy_item_id")
+ protected Long policyItemId;
+
+ /**
+ * filter_expr of the XXPolicyItemRowFilterInfo
+ * <ul>
+ * </ul>
+ *
+ */
+ @Column(name = "filter_expr")
+ protected String filterExpr;
+
+ /**
+ * This method sets the value to the member attribute <b> id</b> . You
+ * cannot set null to the attribute.
+ *
+ * @param id
+ * Value to set member attribute <b> id</b>
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * Returns the value for the member attribute <b>id</b>
+ *
+ * @return Long - value of member attribute <b>id</b> .
+ */
+ public Long getId() {
+ return this.id;
+ }
+
+ /**
+ * This method sets the value to the member attribute <b> policyItemId</b> .
+ * You cannot set null to the attribute.
+ *
+ * @param policyItemId
+ * Value to set member attribute <b> policyItemId</b>
+ */
+ public void setPolicyItemId(Long policyItemId) {
+ this.policyItemId = policyItemId;
+ }
+
+ /**
+ * Returns the value for the member attribute <b>policyItemId</b>
+ *
+ * @return Long - value of member attribute <b>policyItemId</b> .
+ */
+ public Long getPolicyItemId() {
+ return this.policyItemId;
+ }
+
+ /**
+ * This method sets the value to the member attribute <b> filterExpr</b> .
+ * You cannot set null to the attribute.
+ *
+ * @param filterExpr
+ * Value to set member attribute <b> filterExpr</b>
+ */
+ public void setFilterExpr(String filterExpr) {
+ this.filterExpr = filterExpr;
+ }
+
+ /**
+ * Returns the value for the member attribute <b>filterExpr</b>
+ *
+ * @return String - value of member attribute <b>filterExpr</b> .
+ */
+ public String getFilterExpr() {
+ return this.filterExpr;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if (!super.equals(obj)) {
+ return false;
+ }
+ if (this == obj) {
+ return true;
+ }
+ if (!super.equals(obj)) {
+ return false;
+ }
+ if (getClass() != obj.getClass()) {
+ return false;
+ }
+ XXPolicyItemRowFilterInfo other = (XXPolicyItemRowFilterInfo) obj;
+ if (id == null) {
+ if (other.id != null) {
+ return false;
+ }
+ } else if (!id.equals(other.id)) {
+ return false;
+ }
+ if (filterExpr == null) {
+ if (other.filterExpr != null) {
+ return false;
+ }
+ } else if (!filterExpr.equals(other.filterExpr)) {
+ return false;
+ }
+ if (policyItemId == null) {
+ if (other.policyItemId != null) {
+ return false;
+ }
+ } else if (!policyItemId.equals(other.policyItemId)) {
+ return false;
+ }
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#toString()
+ */
+ @Override
+ public String toString() {
+ return "XXPolicyItemDataMaskInfo [" + super.toString() + " id=" + id
+ + ", policyItemId=" + policyItemId + ", filterExpr=" + filterExpr + "]";
+ }
+
+}
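Review bot: `toString()` labels the object as `XXPolicyItemDataMaskInfo`, a copy-paste leftover, so log and audit lines for row-filter entries would be attributed to the data-mask entity; the first line should read `return "XXPolicyItemRowFilterInfo [" + super.toString() + " id=" + id`. In `equals`, `if (!super.equals(obj))` appears twice, before and after the `this == obj` check, and one of the two can go. The class overrides `equals` without a matching `hashCode` in this file, so equal instances may hash differently unless XXDBBase (not visible here) takes care of it. The setter Javadoc says "You cannot set null to the attribute", yet none of the setters rejects null; either drop that sentence or enforce it.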
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c7f617b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java
index 6679c35..28ee4e7 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java
@@ -238,6 +238,15 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable {
protected String dataMaskOptions;
/**
+ * rowFilterOptions of the XXAccessTypeDef
+ * <ul>
+ * </ul>
+ *
+ */
+ @Column(name = "rowfilter_options")
+ protected String rowFilterOptions;
+
+ /**
* This method sets the value to the member attribute <b> id</b> . You
* cannot set null to the attribute.
*
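Review bot: The Javadoc on the new field says `rowFilterOptions of the XXAccessTypeDef`, but this class is XXResourceDef; the line should read `* rowFilterOptions of the XXResourceDef`. The empty `<ul>` / `</ul>` pair carries no information and could be replaced by one sentence on what the string holds, which is not visible in this hunk.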
@@ -661,6 +670,10 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable {
this.dataMaskOptions = dataMaskOptions;
}
+ public String getRowFilterOptions() { return rowFilterOptions; }
+
+ public void setRowFilterOptions(String rowFilterOptions) { this.rowFilterOptions = rowFilterOptions; }
+
/*
* (non-Javadoc)
*
@@ -803,6 +816,13 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable {
} else if (!dataMaskOptions.equals(other.dataMaskOptions)) {
return false;
}
+ if (rowFilterOptions == null) {
+ if (other.rowFilterOptions != null) {
+ return false;
+ }
+ } else if (!rowFilterOptions.equals(other.rowFilterOptions)) {
+ return false;
+ }
return true;
}
@@ -829,6 +849,7 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable {
+ ", rbKeyValidationMessage=" + rbKeyValidationMessage
+ ", order=" + order
+ ", dataMaskOptions=" + dataMaskOptions
+ + ", rowFilterOptions=" + rowFilterOptions
+ "]";
}