Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/09 02:07:01 UTC
incubator-ranger git commit: RANGER-203: policy model updated to
support "impliedAccessGrants". HBase will leverege this feature to implicity
allow read/write/create accesses when the user/group has "admin" access.
Repository: incubator-ranger
Updated Branches:
refs/heads/stack 7a87f4d6c -> 82400d2b6
RANGER-203: policy model updated to support "impliedAccessGrants". HBase
will leverage this feature to implicitly allow read/write/create accesses
when the user/group has "admin" access.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/82400d2b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/82400d2b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/82400d2b
Branch: refs/heads/stack
Commit: 82400d2b60563bd143b3e795b636d8d401fc10a9
Parents: 7a87f4d
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Jan 8 16:55:19 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Jan 8 16:55:19 2015 -0800
----------------------------------------------------------------------
.../ranger/plugin/model/RangerServiceDef.java | 47 ++--
.../RangerDefaultPolicyEvaluator.java | 79 ++++++
.../service-defs/ranger-servicedef-hbase.json | 2 +-
.../plugin/policyengine/TestPolicyEngine.java | 13 +-
.../policyengine/test_policyengine_01.json | 261 -------------------
.../policyengine/test_policyengine_hbase.json | 159 +++++++++++
.../policyengine/test_policyengine_hive.json | 261 +++++++++++++++++++
7 files changed, 540 insertions(+), 282 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
index 0be4a8b..53bab5c 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
@@ -1023,21 +1023,21 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
public static class RangerAccessTypeDef implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name = null;
- private String label = null;
- private String rbKeyLabel = null;
- private Collection<String> impliedAccessTypes = null;
+ private String name = null;
+ private String label = null;
+ private String rbKeyLabel = null;
+ private Collection<String> impliedAccessGrants = null;
public RangerAccessTypeDef() {
this(null, null, null, null);
}
- public RangerAccessTypeDef(String name, String label, String rbKeyLabel, Collection<String> impliedAccessTypes) {
+ public RangerAccessTypeDef(String name, String label, String rbKeyLabel, Collection<String> impliedAccessGrants) {
setName(name);
setLabel(label);
setRbKeyLabel(rbKeyLabel);
- setImpliedAccessTypes(impliedAccessTypes);
+ setImpliedAccessGrants(impliedAccessGrants);
}
/**
@@ -1083,29 +1083,29 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
}
/**
- * @return the impliedAccessTypes
+ * @return the impliedAccessGrants
*/
- public Collection<String> getImpliedAccessTypes() {
- return impliedAccessTypes;
+ public Collection<String> getImpliedAccessGrants() {
+ return impliedAccessGrants;
}
/**
- * @param impliedAccessTypes the impliedAccessTypes to set
+ * @param impliedAccessGrants the impliedAccessGrants to set
*/
- public void setImpliedAccessTypes(Collection<String> impliedAccessTypes) {
- if(this.impliedAccessTypes == null) {
- this.impliedAccessTypes = new ArrayList<String>();
+ public void setImpliedAccessGrants(Collection<String> impliedAccessGrants) {
+ if(this.impliedAccessGrants == null) {
+ this.impliedAccessGrants = new ArrayList<String>();
}
- if(this.impliedAccessTypes == impliedAccessTypes) {
+ if(this.impliedAccessGrants == impliedAccessGrants) {
return;
}
- this.impliedAccessTypes.clear();
+ this.impliedAccessGrants.clear();
- if(impliedAccessTypes != null) {
- for(String impliedAccessType : impliedAccessTypes) {
- this.impliedAccessTypes.add(impliedAccessType);
+ if(impliedAccessGrants != null) {
+ for(String impliedAccessGrant : impliedAccessGrants) {
+ this.impliedAccessGrants.add(impliedAccessGrant);
}
}
}
@@ -1124,6 +1124,17 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
sb.append("name={").append(name).append("} ");
sb.append("label={").append(label).append("} ");
sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+
+ sb.append("impliedAccessGrants={");
+ if(impliedAccessGrants != null) {
+ for(String impliedAccessGrant : impliedAccessGrants) {
+ if(impliedAccessGrant != null) {
+ sb.append(impliedAccessGrant).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
sb.append("}");
return sb;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index a09a958..eaf343d 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -22,6 +22,7 @@ package org.apache.ranger.plugin.policyevaluator;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
@@ -33,6 +34,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
@@ -53,6 +55,8 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
LOG.debug("==> RangerDefaultPolicyEvaluator.init()");
}
+ preprocessPolicy(policy, serviceDef);
+
super.init(policy, serviceDef);
this.matchers = new HashMap<String, RangerResourceMatcher>();
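Review bot: `preprocessPolicy(policy, serviceDef)` runs on the caller's `RangerPolicy` before `super.init`, and the helper added in the last hunk of this file appends to `policyItem.getAccesses()` and flips `isAllowed`/`isAudited` on existing entries in place. If the same policy object is later written back to a policy store or rendered in an admin view (not visible here), implied grants would be recorded as explicit ones and would outlive a later change to the service definition's `impliedAccessGrants`. Consider expanding into an evaluator-private copy, or at least stating the contract at the call: `// NOTE: mutates 'policy' in place; callers must not persist this instance`. The body of init starts and ends outside the hunk.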
@@ -372,4 +376,79 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
return sb;
}
+
+ private void preprocessPolicy(RangerPolicy policy, RangerServiceDef serviceDef) {
+ if(policy == null || CollectionUtils.isEmpty(policy.getPolicyItems()) || serviceDef == null) {
+ return;
+ }
+
+ Map<String, Collection<String>> impliedAccessGrants = getImpliedAccessGrants(serviceDef);
+
+ if(impliedAccessGrants == null || impliedAccessGrants.isEmpty()) {
+ return;
+ }
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(CollectionUtils.isEmpty(policyItem.getAccesses())) {
+ continue;
+ }
+
+ for(Map.Entry<String, Collection<String>> e : impliedAccessGrants.entrySet()) {
+ String accessType = e.getKey();
+ Collection<String> impliedGrants = e.getValue();
+
+ RangerPolicyItemAccess access = getAccess(policyItem, accessType);
+
+ if(access == null) {
+ continue;
+ }
+
+ for(String impliedGrant : impliedGrants) {
+ RangerPolicyItemAccess impliedAccess = getAccess(policyItem, impliedGrant);
+
+ if(impliedAccess == null) {
+ impliedAccess = new RangerPolicyItemAccess(impliedGrant, access.getIsAllowed(), access.getIsAudited());
+
+ policyItem.getAccesses().add(impliedAccess);
+ } else {
+ if(! impliedAccess.getIsAllowed()) {
+ impliedAccess.setIsAllowed(access.getIsAllowed());
+ }
+
+ if(! impliedAccess.getIsAudited()) {
+ impliedAccess.setIsAudited(access.getIsAudited());
+ }
+ }
+ }
+ }
+ }
+ }
+
+ private Map<String, Collection<String>> getImpliedAccessGrants(RangerServiceDef serviceDef) {
+ Map<String, Collection<String>> ret = null;
+
+ if(serviceDef != null && !CollectionUtils.isEmpty(serviceDef.getAccessTypes())) {
+ for(RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
+ if(!CollectionUtils.isEmpty(accessTypeDef.getImpliedAccessGrants())) {
+ if(ret == null) {
+ ret = new HashMap<String, Collection<String>>();
+ }
+
+ Collection<String> impliedAccessGrants = ret.get(accessTypeDef.getName());
+
+ if(impliedAccessGrants == null) {
+ impliedAccessGrants = new HashSet<String>();
+
+ ret.put(accessTypeDef.getName(), impliedAccessGrants);
+ }
+
+ for(String impliedAccessGrant : accessTypeDef.getImpliedAccessGrants()) {
+ impliedAccessGrants.add(impliedAccessGrant);
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
}
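Review bot: In `preprocessPolicy`, the `else` branch overwrites an existing entry whose `getIsAllowed()` is false, so a policy item carrying `admin` allowed plus an explicit `{"type":"read","isAllowed":false}` ends up granting `read`; if an explicit false is meant as a deliberate restriction, existing entries should be left untouched, and otherwise the rule deserves a comment such as `// implied grants only widen: an explicit isAllowed=false entry is overridden when the implying access is allowed`. Expansion is also a single pass over a `HashMap`, and `getAccess(policyItem, accessType)` sees entries added earlier in the same pass, so when an implied grant is itself a key with its own implied grants the outcome depends on iteration order; computing the transitive closure once in `getImpliedAccessGrants` would make it deterministic. Implied names are not checked against the access types declared in `serviceDef`, so a misspelled entry silently adds an access of an undeclared type. `getAccess` is defined outside the hunk, so its matching rules are not visible here.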
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 00d7d70..6569b4e 100644
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -42,7 +42,7 @@
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"create","label":"Create"},
- {"name":"admin","label":"Admin","impliedAccessTypes":["read","write","create"]}
+ {"name":"admin","label":"Admin","impliedAccessGrants":["read","write","create"]}
],
"policyConditions":
[
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 2447709..553a0d7 100644
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -61,8 +61,17 @@ public class TestPolicyEngine {
}
@Test
- public void testPolicyEngine_01() {
- String filename = "/policyengine/test_policyengine_01.json";
+ public void testPolicyEngine_hive() {
+ String filename = "/policyengine/test_policyengine_hive.json";
+ InputStream inStream = this.getClass().getResourceAsStream(filename);
+ InputStreamReader reader = new InputStreamReader(inStream);
+
+ runTests(reader, filename);
+ }
+
+ @Test
+ public void testPolicyEngine_hbase() {
+ String filename = "/policyengine/test_policyengine_hbase.json";
InputStream inStream = this.getClass().getResourceAsStream(filename);
InputStreamReader reader = new InputStreamReader(inStream);
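Review bot: Both new tests pass the result of `getResourceAsStream(filename)` straight to `new InputStreamReader(inStream)`, so a missing or misnamed resource (the fixture is renamed in this same commit) fails with a NullPointerException rather than naming the file; `assertNotNull("missing test resource: " + filename, inStream);` before building the reader would make that failure readable. The reader also uses the platform default charset, which `new InputStreamReader(inStream, Charset.forName("UTF-8"))` would pin. The two methods differ only in the filename, so a small private helper taking the resource path would remove the duplication. The body of testPolicyEngine_hbase continues outside the hunk.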
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/test/resources/policyengine/test_policyengine_01.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_01.json b/plugin-common/src/test/resources/policyengine/test_policyengine_01.json
deleted file mode 100644
index d4dcc55..0000000
--- a/plugin-common/src/test/resources/policyengine/test_policyengine_01.json
+++ /dev/null
@@ -1,261 +0,0 @@
-{
- "serviceName":"hivedev",
-
- "serviceDef":{
- "name":"hive",
- "id":3,
- "resources":[
- {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
- {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
- {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
- {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
- ],
- "accessTypes":[
- {"name":"select","label":"Select"},
- {"name":"update","label":"Update"},
- {"name":"create","label":"Create"},
- {"name":"drop","label":"Drop"},
- {"name":"alter","label":"Alter"},
- {"name":"index","label":"Index"},
- {"name":"lock","label":"Lock"},
- {"name":"all","label":"All"}
- ]
- },
-
- "policies":[
- {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
- "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
- "policyItems":[
- {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
- ]
- }
- ,
- {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
- "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
- "policyItems":[
- {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
- ,
- {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
- ]
- }
- ],
-
- "tests":[
- {"name":"ALLOW 'use default;' for user1",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use default"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"ALLOW 'use default;' for user2",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessTypes":[],"user":"user2","userGroups":["users"],"requestData":"use default"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"DENY 'use default;' to user3",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessTypes":[],"user":"user3","userGroups":["users"],"requestData":"use default"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"ALLOW 'use default;' to group1",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessTypes":[],"user":"user3","userGroups":["users", "group1"],"requestData":"use default"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"ALLOW 'use default;' to group2",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessTypes":[],"user":"user3","userGroups":["users", "group2"],"requestData":"use default"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"DENY 'use default;' to user3/group3",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessTypes":[],"user":"user3","userGroups":["users", "group3"],"requestData":"use default"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'use finance;' to user3/group3",
- "request":{
- "resource":{"elements":{"database":"finance"}},
- "accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use finance"
- },
- "result":{"accessTypeResults":{"any":{"isAllowed":false,"isAudited":false,"policyId":-1}}}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessTypes":["select"],"user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to user2",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessTypes":["select"],"user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"DENY 'select col1 from default.testtable;' to user3",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessTypes":["select"],"user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to group1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessTypes":["select"],"user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to group2",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessTypes":["select"],"user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessTypes":["select"],"user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'select col1 from default.table1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
- "accessTypes":["select"],"user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'create table default.testtable1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
- },
- "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'create table default.testtable1;' to user1/group1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["create"],"user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
- },
- "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"ALLOW 'create table default.testtable1;' to admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["create"],"user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
- },
- "result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["create"],"user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
- },
- "result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"DENY 'drop table default.testtable1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["drop"],"user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
- },
- "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'drop table default.testtable1;' to user1/group1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["drop"],"user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
- },
- "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"ALLOW 'drop table default.testtable1;' to admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["drop"],"user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
- },
- "result":{"accessTypeResults":{"drop":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessTypes":["drop"],"user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
- },
- "result":{"accessTypeResults":{"drop":{"isAllowed":true,"isAudited":true,"policyId":2}}}
- }
- ,
- {"name":"DENY 'create table default.table1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
- },
- "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'create table default.table1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessTypes":["create"],"user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
- },
- "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'drop table default.table1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessTypes":["drop"],"user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
- },
- "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'drop table default.table1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessTypes":["drop"],"user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
- },
- "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ,
- {"name":"DENY 'select col1 from default.table1;' to user3",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
- "accessTypes":["select"],"user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
- },
- "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
- }
- ]
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json
new file mode 100644
index 0000000..48c684d
--- /dev/null
+++ b/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json
@@ -0,0 +1,159 @@
+{
+ "serviceName":"hbasedev",
+
+ "serviceDef":{
+ "name":"hbase",
+ "id":2,
+ "resources":[
+ {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
+ {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
+ {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
+ ],
+ "accessTypes":[
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"create","label":"Create"},
+ {"name":"admin","label":"Admin","impliedAccessGrants":["read","write","create"]}
+ ]
+ },
+
+ "policies":[
+ {"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
+ "policyItems":[
+ {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
+ ,
+ {"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true}
+ ]
+ }
+ ,
+ {"id":3,"name":"table=*; column-family=<excluding>restricted*","isEnabled":true,"isAuditEnabled":false,
+ "resources":{"table":{"values":["*"]},"column-family":{"values":["restricted*"],"isExcludes":true}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'scan finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["read"],"user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'put finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["write"],"user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"write":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'create finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'grant finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["admin"],"user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"admin":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'scan finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["read"],"user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"read":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'put finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["write"],"user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"write":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'create finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'grant finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["admin"],"user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"admin":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"ALLOW 'scan finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["read"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'put finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["write"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"write":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'create finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'grant finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessTypes":["admin"],"user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf"
+ },
+ "result":{"accessTypeResults":{"admin":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'scan finance regular-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
+ "accessTypes":["read"],"user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf"
+ },
+ "result":{"accessTypeResults":{"read":{"isAllowed":true,"isAudited":false,"policyId":3}}}
+ }
+ ,
+ {"name":"DENY 'put finance regular-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
+ "accessTypes":["write"],"user":"user1","userGroups":["users"],"requestData":"put finance regular-cf"
+ },
+ "result":{"accessTypeResults":{"write":{"isAllowed":false,"isAudited":false,"policyId":-1}}}
+ }
+ ]
+}
+
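Review bot: The `column-family` resource definition has `"level":2,"table":"database"` where its sibling entries use a `parent` key, which looks like a search-and-replace slip; it presumably should read `"parent":"table"`, and as written the resource either has no parent or relies on the JSON binding ignoring an unknown key (the binding is not visible here). The cases also never exercise the merge branch of the implied-grant expansion: no policy item combines `admin` with an explicit `read`/`write`/`create` entry, in particular one with `"isAllowed":false`, so the override behaviour is untested. Adding one such policy item with an explicit ALLOW or DENY expectation would pin the intended semantics.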
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/82400d2b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
new file mode 100644
index 0000000..d4dcc55
--- /dev/null
+++ b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
@@ -0,0 +1,261 @@
+{
+ "serviceName":"hivedev",
+
+ "serviceDef":{
+ "name":"hive",
+ "id":3,
+ "resources":[
+ {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
+ {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
+ {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
+ {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
+ ],
+ "accessTypes":[
+ {"name":"select","label":"Select"},
+ {"name":"update","label":"Update"},
+ {"name":"create","label":"Create"},
+ {"name":"drop","label":"Drop"},
+ {"name":"alter","label":"Alter"},
+ {"name":"index","label":"Index"},
+ {"name":"lock","label":"Lock"},
+ {"name":"all","label":"All"}
+ ]
+ },
+
+ "policies":[
+ {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
+ "policyItems":[
+ {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
+ "policyItems":[
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
+ ,
+ {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'use default;' for user1",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use default"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'use default;' for user2",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessTypes":[],"user":"user2","userGroups":["users"],"requestData":"use default"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'use default;' to user3",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessTypes":[],"user":"user3","userGroups":["users"],"requestData":"use default"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"ALLOW 'use default;' to group1",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessTypes":[],"user":"user3","userGroups":["users", "group1"],"requestData":"use default"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'use default;' to group2",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessTypes":[],"user":"user3","userGroups":["users", "group2"],"requestData":"use default"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'use default;' to user3/group3",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessTypes":[],"user":"user3","userGroups":["users", "group3"],"requestData":"use default"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'use finance;' to user3/group3",
+ "request":{
+ "resource":{"elements":{"database":"finance"}},
+ "accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use finance"
+ },
+ "result":{"accessTypeResults":{"any":{"isAllowed":false,"isAudited":false,"policyId":-1}}}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessTypes":["select"],"user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to user2",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessTypes":["select"],"user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.testtable;' to user3",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessTypes":["select"],"user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to group1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessTypes":["select"],"user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to group2",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessTypes":["select"],"user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessTypes":["select"],"user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.table1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
+ "accessTypes":["select"],"user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'create table default.testtable1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'create table default.testtable1;' to user1/group1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"ALLOW 'create table default.testtable1;' to admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["create"],"user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'drop table default.testtable1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["drop"],"user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'drop table default.testtable1;' to user1/group1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["drop"],"user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"ALLOW 'drop table default.testtable1;' to admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["drop"],"user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"drop":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessTypes":["drop"],"user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"drop":{"isAllowed":true,"isAudited":true,"policyId":2}}}
+ }
+ ,
+ {"name":"DENY 'create table default.table1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'create table default.table1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessTypes":["create"],"user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"create":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'drop table default.table1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessTypes":["drop"],"user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'drop table default.table1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessTypes":["drop"],"user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"accessTypeResults":{"drop":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.table1;' to user3",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
+ "accessTypes":["select"],"user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
+ },
+ "result":{"accessTypeResults":{"select":{"isAllowed":false,"isAudited":true,"policyId":-1}}}
+ }
+ ]
+}
+
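Review bot: The case named `DENY 'use finance;' to user3/group3` sends `"user":"user1","userGroups":["users"]`, so the principal it names is never evaluated against the `finance` database. Either rename it to `"DENY 'use finance;' to user1"` or change the request to `"user":"user3","userGroups":["users","group3"]`. The four `default.table1` create/drop DENY cases near the end have resource `"table":"table1"` but `requestData` of `create table default.testtable1` or `drop table default.testtable1`. If `requestData` is surfaced in audit or failure output (not visible here), it would point at the wrong table, so it should read `default.table1`. The `all` access type declared in `accessTypes` is not used by any policy or test in this fixture, so an allow or deny decision for it is not pinned.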