This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 39805972b RANGER-5204: RangerBasePlugin test (#568)
39805972b is described below
commit 39805972b9578b324d567433762b8e2745718cac
Author: Vyom Mani Tiwari <[email protected]>
AuthorDate: Mon May 19 20:59:35 2025 +0530
RANGER-5204: RangerBasePlugin test (#568)
---
.../plugin/policyengine/RangerAdminClientImpl.java | 78 ++
.../plugin/policyengine/RangerBasePluginTest.java | 274 ++++
.../policyengine/hbase-test-policies.json | 489 +++++++
.../policyengine/ranger-hbase-security.xml | 49 +
.../policyengine/ranger-servicedef-hbase.json | 83 ++
.../policyengine/ranger-servicedef-tag.json | 70 +
.../policyengine/test_base_plugin_hbase.json | 1445 ++++++++++++++++++++
.../policyengine/updated-hbase-test-policies.json | 193 +++
8 files changed, 2681 insertions(+)
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/RangerAdminClientImpl.java
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/RangerAdminClientImpl.java
new file mode 100644
index 000000000..22dcb271c
--- /dev/null
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/RangerAdminClientImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ranger.plugin.policyengine;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.ranger.admin.client.AbstractRangerAdminClient;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.util.ServicePolicies;
+
+import java.io.File;
+import java.nio.charset.Charset;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+
+public class RangerAdminClientImpl extends AbstractRangerAdminClient {
+ private static final String RANGER_TEST_BASEDIR =
"RANGER_TEST_BASEDIR";
+ private static final String POLICIES_FILEPATH =
"/src/test/resources/policyengine/hbase-test-policies.json";
+ private static final String UPDATED_POLICIES_FILEPATH =
"/src/test/resources/policyengine/updated-hbase-test-policies.json";
+ private static final String SERVICE_DEF_FILENAME =
"/src/test/resources/policyengine/ranger-servicedef-hbase.json";
+ private static final String TAG_SERVICE_DEF_FILENAME =
"/src/test/resources/policyengine/ranger-servicedef-tag.json";
+
+ @SuppressWarnings("unused")
+ private String serviceName;
+
+ @SuppressWarnings("unused")
+ private String appId;
+
+ private volatile boolean isLoadPolicyDelta;
+
+ @Override
+ public void init(String serviceName, String appId, String
configPropertyPrefix, Configuration config) {
+ super.init(serviceName, appId, configPropertyPrefix, config);
+
+ this.serviceName = serviceName;
+ this.appId = appId;
+ }
+
+ @Override
+ public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion,
long lastActivationTimeInMillis) throws Exception {
+ String basedir = System.getProperty(RANGER_TEST_BASEDIR);
+
+ if (basedir == null) {
+ basedir = new File(".").getCanonicalPath();
+ }
+
+ byte[] policiesBytes =
Files.readAllBytes(FileSystems.getDefault().getPath(basedir, isLoadPolicyDelta
? UPDATED_POLICIES_FILEPATH : POLICIES_FILEPATH));
+ byte[] serviceDefBytes =
Files.readAllBytes(FileSystems.getDefault().getPath(basedir,
SERVICE_DEF_FILENAME));
+ byte[] tagServiceDefBytes =
Files.readAllBytes(FileSystems.getDefault().getPath(basedir,
TAG_SERVICE_DEF_FILENAME));
+ ServicePolicies ret = gson.fromJson(new
String(policiesBytes, Charset.defaultCharset()), ServicePolicies.class);
+ RangerServiceDef serviceDef = gson.fromJson(new
String(serviceDefBytes, Charset.defaultCharset()), RangerServiceDef.class);
+ RangerServiceDef tagServiceDef = gson.fromJson(new
String(tagServiceDefBytes, Charset.defaultCharset()), RangerServiceDef.class);
+
+ ret.setServiceDef(serviceDef);
+
+ if (ret.getTagPolicies() == null) {
+ ret.setTagPolicies(new ServicePolicies.TagPolicies());
+ }
+
+ ret.getTagPolicies().setServiceDef(tagServiceDef);
+
+ if (!isLoadPolicyDelta) {
+ isLoadPolicyDelta = true;
+ }
+
+ return ret;
+ }
+}
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/RangerBasePluginTest.java
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/RangerBasePluginTest.java
new file mode 100644
index 000000000..4732142d8
--- /dev/null
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/RangerBasePluginTest.java
@@ -0,0 +1,274 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
+import org.apache.ranger.plugin.util.RangerRoles;
+import org.apache.ranger.plugin.util.RangerUserStore;
+import org.apache.ranger.plugin.util.ServiceDefUtil;
+import org.apache.ranger.plugin.util.ServiceGdsInfo;
+import org.apache.ranger.plugin.util.ServicePolicies;
+import org.apache.ranger.plugin.util.ServiceTags;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.lang.reflect.Type;
+import java.nio.file.FileSystems;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+public class RangerBasePluginTest {
+ private static final String RANGER_SERVICE_TYPE = "hbase";
+ private static final String RANGER_APP_ID = "hbase";
+ private static final String RANGER_DEFAULT_SERVICE_NAME =
"cm_hbase";
+ private static final String TEST_JSON =
"/policyengine/test_base_plugin_hbase.json";
+ private static final String RANGER_DEFAULT_SECURITY_CONF =
"/target/test-classes/policyengine/ranger-hbase-security.xml";
+ private static final String RANGER_DEFAULT_AUDIT_CONF =
"/target/test-classes/policyengine/ranger-trino-audit.xml";
+ private static final String RANGER_DEFAULT_POLICY_MGR_SSL_CONF =
"/target/test-classes/policyengine/ranger-policymgr-ssl.xml";
+ private static final String MESSAGE = "The
failed count being zero suggests one of two possibilities: " +
+ "1. The PolicyRefresher might not be starting correctly. " +
+ "2. There might be a race condition in our code, preventing the
policy engine modifications from being reflected in RangerBasePlugin.";
+
+ private static Gson gsonBuilder;
+ private static RangerBasePlugin rangerBasePlugin;
+
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ gsonBuilder = new
GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
+ .setPrettyPrinting()
+ .registerTypeAdapter(RangerAccessRequest.class, new
RangerAccessRequestDeserializer())
+ .registerTypeAdapter(RangerAccessResource.class, new
RangerResourceDeserializer())
+ .create();
+
+ RangerPolicyEngineOptions peOptions = new
RangerPolicyEngineOptions();
+ RangerPluginConfig pluginConfig = new
RangerPluginConfig(RANGER_SERVICE_TYPE, RANGER_DEFAULT_SERVICE_NAME,
RANGER_APP_ID, "cl1", "on-perm", peOptions);
+ String basedir = new
File(".").getCanonicalPath();
+
+
pluginConfig.addResourceIfReadable(FileSystems.getDefault().getPath(basedir,
RANGER_DEFAULT_AUDIT_CONF).toString());
+
pluginConfig.addResourceIfReadable(FileSystems.getDefault().getPath(basedir,
RANGER_DEFAULT_SECURITY_CONF).toString());
+
pluginConfig.addResourceIfReadable(FileSystems.getDefault().getPath(basedir,
RANGER_DEFAULT_POLICY_MGR_SSL_CONF).toString());
+
pluginConfig.getProperties().put("ranger.plugin.hbase.supports.in.place.policy.updates",
"true");
+
pluginConfig.getProperties().put("ranger.plugin.hbase.supports.policy.deltas",
"true");
+
+ rangerBasePlugin = new RangerBasePlugin(pluginConfig);
+
+ rangerBasePlugin.init();
+ }
+
+ @Test
+ @SuppressWarnings("PMD")
+ public void testCanSetUserOperations() throws Exception {
+ runTestsFromResourceFile();
+ }
+
+ private void runTestsFromResourceFile() throws Exception {
+ InputStream inStream =
this.getClass().getResourceAsStream(TEST_JSON);
+ InputStreamReader reader = new InputStreamReader(inStream);
+
+ runTests(reader);
+ }
+
+ private void runTests(Reader reader) throws Exception {
+ RangerBasePluginTestCase testCase = readTestCase(reader);
+
+ assertNotNull("testCase was null", testCase);
+ assertNotNull("testCase.policies was null", testCase.policies);
+ assertNotNull("testCase.tags was null", testCase.tags);
+ assertNotNull("testCase.roles was null", testCase.roles);
+ assertNotNull("testCase.userStore was null", testCase.userStore);
+ assertNotNull("testCase.gdsInfo was null", testCase.gdsInfo);
+ assertNotNull("testCase.tests was null", testCase.tests);
+
+ int failedCount = 0;
+
+ for (int count = 0; count < 10000; count++) {
+ for (TestData test : testCase.tests) {
+ RangerAccessRequest request = test.request;
+
+ try {
+ if (test.result != null) {
+ RangerAccessResult result =
rangerBasePlugin.isAccessAllowed(request);
+
+ assertNotNull("result was null! - " + test.name,
result);
+ assertEquals("isAllowed mismatched! - " + test.name,
test.result.getIsAllowed(), result.getIsAllowed());
+ assertEquals("isAccessDetermined mismatched! - " +
test.name, test.result.getIsAccessDetermined(), result.getIsAccessDetermined());
+ assertEquals("isAllowed mismatched! - " + test.name,
test.result.getPolicyId(), result.getPolicyId());
+ }
+ } catch (Error e) {
+ // The PolicyRefresher modifies the policy, so it's
expected that tests for the modified policy would fail.
+ if (test.result.getPolicyId() == 821) {
+ failedCount++;
+ } else {
+ throw e;
+ }
+ }
+ }
+
+ if (failedCount >= 30) {
+ break;
+ }
+
+ Thread.sleep(20);
+ }
+
+ if (failedCount == 0) {
+ fail(MESSAGE);
+ }
+ }
+
+ private RangerBasePluginTestCase readTestCase(Reader reader) throws
Exception {
+ RangerBasePluginTestCase testCase = gsonBuilder.fromJson(reader,
RangerBasePluginTestCase.class);
+
+ if (StringUtils.isNotBlank(testCase.policiesFilename)) {
+ InputStream inStream =
this.getClass().getResourceAsStream(testCase.policiesFilename);
+
+ testCase.policies = gsonBuilder.fromJson(new
InputStreamReader(inStream), ServicePolicies.class);
+ }
+
+ if (StringUtils.isNotBlank(testCase.tagsFilename)) {
+ InputStream inStream =
this.getClass().getResourceAsStream(testCase.tagsFilename);
+
+ testCase.tags = gsonBuilder.fromJson(new
InputStreamReader(inStream), ServiceTags.class);
+ }
+
+ if (StringUtils.isNotBlank(testCase.rolesFilename)) {
+ InputStream inStream =
this.getClass().getResourceAsStream(testCase.rolesFilename);
+
+ testCase.roles = gsonBuilder.fromJson(new
InputStreamReader(inStream), RangerRoles.class);
+ }
+
+ if (StringUtils.isNotBlank(testCase.userStoreFilename)) {
+ InputStream inStream =
this.getClass().getResourceAsStream(testCase.userStoreFilename);
+
+ testCase.userStore = gsonBuilder.fromJson(new
InputStreamReader(inStream), RangerUserStore.class);
+ }
+
+ if (StringUtils.isNotBlank(testCase.gdsInfoFilename)) {
+ InputStream inStream =
this.getClass().getResourceAsStream(testCase.gdsInfoFilename);
+
+ testCase.gdsInfo = gsonBuilder.fromJson(new
InputStreamReader(inStream), ServiceGdsInfo.class);
+
+ if (testCase.gdsInfo != null &&
testCase.gdsInfo.getGdsServiceDef() == null) {
+ RangerServiceDef gdsServiceDef =
EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME);
+
+ testCase.gdsInfo.setGdsServiceDef(gdsServiceDef);
+ }
+ }
+
+ if (testCase.policies != null && testCase.policies.getServiceDef() !=
null) {
+
testCase.policies.getServiceDef().setMarkerAccessTypes(ServiceDefUtil.getMarkerAccessTypes(testCase.policies.getServiceDef().getAccessTypes()));
+ }
+
+ return testCase;
+ }
+
+ static class RangerBasePluginTestCase {
+ public ServicePolicies policies;
+ public ServiceTags tags;
+ public RangerRoles roles;
+ public RangerUserStore userStore;
+ public ServiceGdsInfo gdsInfo;
+ public String policiesFilename;
+ public String tagsFilename;
+ public String rolesFilename;
+ public String userStoreFilename;
+ public String gdsInfoFilename;
+ public List<TestData> tests;
+ }
+
+ static class TestData {
+ public String name;
+ public RangerAccessRequest request;
+ public RangerAccessResult result;
+ public RangerResourceACLs acls;
+ }
+
+ static class RangerAccessRequestDeserializer implements
JsonDeserializer<RangerAccessRequest> {
+ @Override
+ public RangerAccessRequest deserialize(JsonElement jsonObj, Type type,
JsonDeserializationContext context) throws JsonParseException {
+ RangerAccessRequestImpl ret = gsonBuilder.fromJson(jsonObj,
RangerAccessRequestImpl.class);
+
+ ret.setAccessType(ret.getAccessType()); // to force computation of
isAccessTypeAny and isAccessTypeDelegatedAdmin
+
+ if (ret.getAccessTime() == null) {
+ ret.setAccessTime(new Date());
+ }
+
+ Map<String, Object> reqContext = ret.getContext();
+ Object accessTypes =
reqContext.get(RangerAccessRequestUtil.KEY_CONTEXT_ALL_ACCESSTYPES);
+
+ if (accessTypes != null) {
+ Collection<String> accessTypesCollection =
(Collection<String>) accessTypes;
+ Set<String> requestedAccesses = new
TreeSet<>(accessTypesCollection);
+
+
ret.getContext().put(RangerAccessRequestUtil.KEY_CONTEXT_ALL_ACCESSTYPES,
requestedAccesses);
+ }
+
+ Object accessTypeGroups =
reqContext.get(RangerAccessRequestUtil.KEY_CONTEXT_ALL_ACCESSTYPE_GROUPS);
+
+ if (accessTypeGroups != null) {
+ Set<Set<String>> setOfAccessTypeGroups = new HashSet<>();
+ List<Object> listOfAccessTypeGroups = (List<Object>)
accessTypeGroups;
+
+ for (Object accessTypeGroup : listOfAccessTypeGroups) {
+ List<String> accesses = (List<String>) accessTypeGroup;
+ Set<String> setOfAccesses = new TreeSet<>(accesses);
+
+ setOfAccessTypeGroups.add(setOfAccesses);
+ }
+
+
reqContext.put(RangerAccessRequestUtil.KEY_CONTEXT_ALL_ACCESSTYPE_GROUPS,
setOfAccessTypeGroups);
+ }
+
+ return ret;
+ }
+ }
+
+ static class RangerResourceDeserializer implements
JsonDeserializer<RangerAccessResource> {
+ @Override
+ public RangerAccessResource deserialize(JsonElement jsonObj, Type
type, JsonDeserializationContext context) throws JsonParseException {
+ return gsonBuilder.fromJson(jsonObj,
RangerAccessResourceImpl.class);
+ }
+ }
+}
diff --git
a/agents-common/src/test/resources/policyengine/hbase-test-policies.json
b/agents-common/src/test/resources/policyengine/hbase-test-policies.json
new file mode 100644
index 000000000..c0ee29a81
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/hbase-test-policies.json
@@ -0,0 +1,489 @@
+{
+ "serviceName": "cm_hbase",
+ "serviceId": 3,
+ "policyVersion": 7141,
+ "policies": [
+ {
+ "id": 4, "name": "all - table, column-family, column",
+ "resources": {
+ "table": { "values": [ "prospects", "invoices" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "users": [ "hbase", "hive" ], "groups": [ "pr00_xbgdta" ],
"delegateAdmin": true
+ },
+ {
+ "accesses": [ { "type": "read" }, {"type": "create" } ],
+ "users": [ "rangerlookup" ]
+ },
+ {
+ "accesses": [ { "type": "read" }, { "type": "execute" } ],
+ "groups": [ "qqsens", "fb00_xbgdta" ]
+ }
+ ]
+ },
+ {
+ "id": 5, "name": "ATLAS_HBASE_TABLES", "isAuditEnabled": false,
+ "resources": {
+ "table": { "values": [ "atlas_janus",
"ATLAS_ENTITY_AUDIT_EVENTS" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "users": [ "atlas" ]
+ }
+ ]
+ },
+ {
+ "id": 782, "name": "SYSTEM", "description": "",
+ "resources": {
+ "table": { "values": [ "SYSTEM:*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "execute" } ],
+ "users": [ "{USER}" ]
+ }
+ ]
+ },
+ {
+ "id": 821, "name": "fb00_xda017",
+ "resources": {
+ "table": { "values": [ "fb00_*da017*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda017", "xagcla" ]
+ }
+ ]
+ },
+ {
+ "id": 822, "name": "fb00_xda029",
+ "resources": {
+ "table": { "values": [ "fb00_*da029*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, {"type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda029" ]
+ }
+ ]
+ },
+ {
+ "id": 823, "name": "fb00_xda034",
+ "resources": {
+ "table": { "values": [ "fb00_*da034*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, {"type": "write" }, {"type":
"create" }, { "type": "admin" }, {"type": "execute" } ],
+ "groups": [ "fb00_xda034" ]
+ }
+ ]
+ },
+ {
+ "id": 824, "name": "fb00_xda035",
+ "resources": {
+ "table": { "values": [ "fb00_*da035*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, {"type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda035" ]
+ }
+ ]
+ },
+ {
+ "id": 825, "name": "fb00_xda041",
+ "resources": {
+ "table": { "values": [ "fb00_*da041*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda041" ]
+ }
+ ]
+ },
+ {
+ "id": 826, "name": "fb00_xda043",
+ "resources": {
+ "table": { "values": [ "fb00_*da043*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, {"type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda043" ]
+ }
+ ]
+ },
+ {
+ "id": 827, "name": "fb00_xda052",
+ "resources": {
+ "table": { "values": [ "fb00_*da052*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda052" ]
+ }
+ ]
+ },
+ {
+ "id": 828, "name": "fb00_xda060",
+ "resources": {
+ "table": { "values": [ "fb00_*da060*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, {"type": "execute" } ],
+ "groups": [ "fb00_xda060" ]
+ }
+ ]
+ },
+ {
+ "id": 829, "name": "fb00_xda066",
+ "resources": {
+ "table": { "values": [ "fb00_*da066*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda066" ]
+ }
+ ]
+ },
+ {
+ "id": 830, "name": "fb00_xda085",
+ "resources": {
+ "table": { "values": [ "fb00_*da085*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, {"type": "execute" } ],
+ "groups": [ "fb00_xda085" ]
+ }
+ ]
+ },
+ {
+ "id": 831, "name": "fb00_xda092",
+ "resources": {
+ "table": { "values": [ "fb00_*da092*" ] },
+ "column-family": { "values": [ "*" ]},
+ "column": { "values": [ "*" ]}
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, {"type": "write" }, {"type":
"create" }, { "type": "admin" }, {"type": "execute" } ],
+ "groups": [ "fb00_xda092" ]
+ }
+ ]
+ },
+ {
+ "id": 832, "name": "fb00_xda126",
+ "resources": {
+ "table": { "values": [ "fb00_*da126*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute"} ],
+ "groups": [ "fb00_xda126" ]
+ },
+ {
+ "accesses": [ { "type": "read" }, { "type": "execute" } ],
+ "groups": [ "fb00_xda085" ]
+ }
+ ]
+ },
+ {
+ "id": 833, "name": "fb00_xds020",
+ "resources": {
+ "table": { "values": [ "fb00_*ds020*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xds020" ]
+ }
+ ]
+ },
+ {
+ "id": 834, "name": "fb00_xoi022",
+ "resources": {
+ "table": { "values": [ "fb00_*oi022*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xoi022" ]
+ },
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, { "type":
"create" }, { "type": "execute" } ],
+ "groups": [ "fb00_braff", "fb00_bbrut" ]
+ },
+ {
+ "accesses": [ { "type": "read" }, { "type": "execute" } ],
+ "groups": [
+ "fb00_xoi099", "fb00_xoi098", "fb00_xoi097", "sd00_xlx001",
"fb00_xda085", "fb00_xda126", "fb00_xda017", "qqsens", "fb00_xda062",
+ "fb00_xpr203", "fb00_xda144", "fb00_xda143", "fb00_xda108",
"fb00_xoi033", "fb00_xda042", "fb00_xpx091", "fb00_xda107"
+ ]
+ }
+ ]
+ },
+ {
+ "id": 835, "name": "fb00_xoi025",
+ "resources": {
+ "table": { "values": [ "fb00_*oi025*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" }, {"type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xoi025" ]
+ }
+ ]
+ },
+ {
+ "id": 836, "name": "fb00_xoi033",
+ "resources": {
+ "table": { "values": [ "fb00_*oi033*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, {"type": "write" }, { "type":
"create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "fb00_xoi033" ]
+ },
+ {
+ "accesses": [ { "type": "read" }, { "type": "execute" } ],
+ "groups": [ "fb00_xpr203" ]
+ }
+ ]
+ }
+ ],
+ "serviceDef": {
+ "id": 2, "name": "hbase", "implClass":
"org.apache.ranger.services.hbase.RangerServiceHBase",
+ "options": { "enableDenyAndExceptionsInPolicies": "true" },
+ "configs": [
+ { "itemId": 1, "name": "username", "type":
"string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type":
"password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "hadoop.security.authentication", "type":
"enum", "subType": "authnType", "mandatory": true, "defaultValue": "simple"
},
+ { "itemId": 4, "name": "hbase.master.kerberos.principal", "type":
"string", "mandatory": false, "defaultValue": "" },
+ { "itemId": 5, "name": "hbase.security.authentication", "type":
"enum", "subType": "authnType", "mandatory": true, "defaultValue": "simple"
},
+ { "itemId": 6, "name": "hbase.zookeeper.property.clientPort", "type":
"int", "mandatory": true, "defaultValue": "2181" },
+ { "itemId": 7, "name": "hbase.zookeeper.quorum", "type":
"string", "mandatory": true, "defaultValue": "" },
+ { "itemId": 8, "name": "zookeeper.znode.parent", "type":
"string", "mandatory": true, "defaultValue": "/hbase" },
+ { "itemId": 9, "name": "commonNameForCertificate", "type":
"string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId": 10, "name": "ranger.plugin.audit.filters", "type":
"string", "mandatory": false, "defaultValue": "[{'accessResult': 'DENIED',
'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*',
'*_acl_*', 'hbase:meta', 'hbase:acl', 'default', 'hbase']}}, 'users':['hbase'],
'isAudited': false },
{'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas',
'hbase [...]
+ "label": "Ranger Default Audit Filters"
+ }
+ ],
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "table",
+ "type": "string",
+ "level": 10,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "HBase Table",
+ "description": "HBase Table",
+ "isValidLeaf": false
+ },
+ {
+ "itemId": 2,
+ "name": "column-family",
+ "type": "string",
+ "level": 20,
+ "parent": "table",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "HBase Column-family",
+ "description": "HBase Column-family",
+ "isValidLeaf": false
+ },
+ {
+ "itemId": 3,
+ "name": "column",
+ "type": "string",
+ "level": 30,
+ "parent": "column-family",
+ "mandatory": true,
+ "lookupSupported": false,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "HBase Column",
+ "description": "HBase Column",
+ "isValidLeaf": true
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read" },
+ { "itemId": 2, "name": "write", "label": "Write" },
+ { "itemId": 3, "name": "create", "label": "Create" },
+ { "itemId": 4, "name": "admin", "label": "Admin", "impliedGrants": [
"read", "write", "create", "execute" ] },
+ { "itemId": 5, "name": "execute", "label": "Execute" }
+ ],
+ "enums": [
+ {
+ "itemId": 1, "name": "authnType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ }
+ ]
+ },
+ "auditMode": "audit-default",
+ "tagPolicies": {
+ "serviceName": "cm_tag",
+ "serviceId": 2,
+ "policies": [
+ {
+ "id": 3, "name": "EXPIRES_ON",
+ "resources": {
+ "tag": { "values": [ "EXPIRES_ON" ] }
+ },
+ "denyPolicyItems": [
+ {
+ "accesses": [ { "type": "hbase:execute" }, { "type":
"hbase:create" }, { "type": "hbase:read" }, { "type": "hbase:write" }, {
"type": "hbase:admin" } ],
+ "groups": [ "public" ],
+ "conditions": [ { "type": "accessed-after-expiry", "values": [
"yes" ] } ]
+ }
+ ]
+ },
+ {
+ "id": 780, "name": "kw_raffinageonly",
+ "resources": {
+ "tag": { "values": [ "kw_raffinageonly" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "hbase:execute" }, { "type":
"hbase:create" }, { "type": "hbase:read" }, { "type": "hbase:write" }, {
"type": "hbase:admin" } ],
+ "groups": [ "fb00_braff", "pr00_braff", "hadoop" ]
+ }
+ ]
+ }
+ ],
+ "serviceDef": {
+ "id": 100, "name": "tag", "implClass":
"org.apache.ranger.services.tag.RangerServiceTag",
+ "options": { "enableDenyAndExceptionsInPolicies": "true", "ui.pages":
"tag-based-policies" },
+ "configs": [
+ {
+ "itemId": 1,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "mandatory": false,
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true} ]",
+ "label": "Ranger Default Audit Filters"
+ }
+ ],
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "tag",
+ "type": "string",
+ "level": 1,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": false,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "false", "ignoreCase": "false" },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "TAG",
+ "description": "TAG",
+ "isValidLeaf": true
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 104105, "name": "hbase:read", "label": "Read" },
+ { "itemId": 104106, "name": "hbase:write", "label": "Write" },
+ { "itemId": 104107, "name": "hbase:execute", "label": "Execute" },
+ { "itemId": 104108, "name": "hbase:create", "label": "Create" },
+ { "itemId": 104109, "name": "hbase:admin", "label": "Admin" }
+ ],
+ "policyConditions": [
+ {
+ "itemId": 1,
+ "name": "accessed-after-expiry",
+ "evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
+ "evaluatorOptions": { "scriptTemplate":
"ctx.isAccessedAfter('expiry_date');" },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "Accessed after expiry_date (yes/no)?",
+ "description": "Accessed after expiry_date? (yes/no)"
+ },
+ {
+ "itemId": 2,
+ "name": "expression",
+ "evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
+ "evaluatorOptions": { "engineName": "JavaScript", "ui.isMultiline":
"true" },
+ "uiHint": "{ \"isMultiline\":true }",
+ "label": "Enter boolean expression",
+ "description": "Boolean expression"
+ }
+ ],
+ "contextEnrichers": [
+ {
+ "itemId": 1,
+ "name": "TagEnricher",
+ "enricher":
"org.apache.ranger.plugin.contextenricher.RangerTagEnricher",
+ "enricherOptions": { "tagRetrieverClassName":
"org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever",
"tagRefresherPollingInterval": "60000" }
+ }
+ ]
+ },
+ "auditMode": "audit-default",
+ "serviceConfig": {
+ "ranger.plugin.audit.filters": "[ {'accessResult': 'DENIED',
'isAudited': true} ]"
+ }
+ },
+ "serviceConfig": {
+ "ranger.plugin.audit.filters":
"[{'accessResult':'DENIED','isAudited':true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*','*_acl_*','hbase:meta','hbase:acl','default','hbase'],'isExcludes':true}},'users':['hbase'],'isAudited':false},{'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS'],'isExcludes':true},'column-family':{'values':['*'],'isExcludes':true},'column':{'values':['*'],'isExcludes':true}},'users':['atlas','hbase'],'isAudited':false},{'users':[
[...]
+ }
+}
diff --git
a/agents-common/src/test/resources/policyengine/ranger-hbase-security.xml
b/agents-common/src/test/resources/policyengine/ranger-hbase-security.xml
new file mode 100644
index 000000000..3c1966e40
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/ranger-hbase-security.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
+ <property>
+ <name>ranger.plugin.hbase.service.name</name>
+ <value>cl1_hbase</value>
+ <description>
+ Name of the Ranger service containing policies for this test
+ </description>
+ </property>
+ <property>
+ <name>ranger.plugin.hbase.policy.source.impl</name>
+
<value>org.apache.ranger.plugin.policyengine.RangerAdminClientImpl</value>
+ <description>
+ Policy source.
+ </description>
+ </property>
+ <property>
+ <name>ranger.plugin.hbase.policy.pollIntervalMs</name>
+ <value>2000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+ <property>
+ <name>ranger.plugin.hbase.policy.cache.dir</name>
+ <value>${project.build.directory}</value>
+ <description>
+ Directory where Ranger policies are cached after successful
retrieval from the source
+ </description>
+ </property>
+
+</configuration>
diff --git
a/agents-common/src/test/resources/policyengine/ranger-servicedef-hbase.json
b/agents-common/src/test/resources/policyengine/ranger-servicedef-hbase.json
new file mode 100644
index 000000000..818c41c1e
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/ranger-servicedef-hbase.json
@@ -0,0 +1,83 @@
+{
+ "id": 2,
+ "name": "hbase",
+ "implClass": "org.apache.ranger.services.hbase.RangerServiceHBase",
+ "options": { "enableDenyAndExceptionsInPolicies": "true" },
+ "configs": [
+ { "itemId": 1, "name": "username", "type":
"string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type":
"password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "hadoop.security.authentication", "type":
"enum", "subType": "authnType", "mandatory": true, "defaultValue": "simple"
},
+ { "itemId": 4, "name": "hbase.master.kerberos.principal", "type":
"string", "mandatory": false, "defaultValue": "" },
+ { "itemId": 5, "name": "hbase.security.authentication", "type":
"enum", "subType": "authnType", "mandatory": true, "defaultValue": "simple"
},
+ { "itemId": 6, "name": "hbase.zookeeper.property.clientPort", "type":
"int", "mandatory": true, "defaultValue": "2181" },
+ { "itemId": 7, "name": "hbase.zookeeper.quorum", "type":
"string", "mandatory": true, "defaultValue": "" },
+ { "itemId": 8, "name": "zookeeper.znode.parent", "type":
"string", "mandatory": true, "defaultValue": "/hbase" },
+ { "itemId": 9, "name": "commonNameForCertificate", "type":
"string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId": 10, "name": "ranger.plugin.audit.filters", "type":
"string", "mandatory": false, "defaultValue": "[{'accessResult': 'DENIED',
'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*',
'*_acl_*', 'hbase:meta', 'hbase:acl', 'default', 'hbase']}}, 'users':['hbase'],
'isAudited': false },
{'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas',
'hbase'], [...]
+ ],
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "table",
+ "type": "string",
+ "level": 10,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "HBase Table",
+ "description": "HBase Table",
+ "isValidLeaf": false
+ },
+ {
+ "itemId": 2,
+ "name": "column-family",
+ "type": "string",
+ "level": 20,
+ "parent": "table",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "HBase Column-family",
+ "description": "HBase Column-family",
+ "isValidLeaf": false
+ },
+ {
+ "itemId": 3,
+ "name": "column",
+ "type": "string",
+ "level": 30,
+ "parent": "column-family",
+ "mandatory": true,
+ "lookupSupported": false,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "HBase Column",
+ "description": "HBase Column",
+ "isValidLeaf": true
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read" },
+ { "itemId": 2, "name": "write", "label": "Write" },
+ { "itemId": 3, "name": "create", "label": "Create" },
+ { "itemId": 4, "name": "admin", "label": "Admin", "impliedGrants": [
"read", "write", "create" ] },
+ { "itemId": 5, "name": "execute", "label": "Execute" }
+ ],
+ "enums": [
+ {
+ "itemId": 1, "name": "authnType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git
a/agents-common/src/test/resources/policyengine/ranger-servicedef-tag.json
b/agents-common/src/test/resources/policyengine/ranger-servicedef-tag.json
new file mode 100644
index 000000000..eaef5fdf6
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/ranger-servicedef-tag.json
@@ -0,0 +1,70 @@
+{
+ "id": 100,
+ "name": "tag",
+ "displayName": "tag",
+ "implClass": "org.apache.ranger.services.tag.RangerServiceTag",
+ "label": "TAG",
+ "description": "TAG Service Definition",
+ "options": { "ui.pages": "tag-based-policies" },
+ "resources":
+ [
+ {
+ "itemId": 1,
+ "name": "tag",
+ "type": "string",
+ "level": 1,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":false, "ignoreCase":false },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "TAG",
+ "description": "TAG"
+ }
+ ],
+
+ "configs":
+ [
+ {
+ "itemId": 1,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "mandatory": false,
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true} ]"
+ }
+ ],
+
+ "contextEnrichers":
+ [
+ {
+ "itemId": 1,
+ "name" : "TagEnricher",
+ "enricher" :
"org.apache.ranger.plugin.contextenricher.RangerTagEnricher",
+ "enricherOptions" : { "tagRetrieverClassName":
"org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever",
"tagRefresherPollingInterval": 60000 }
+ }
+ ],
+
+ "policyConditions":
+ [
+ {
+ "itemId": 1,
+ "name": "accessed-after-expiry",
+ "evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
+ "evaluatorOptions" : { "scriptTemplate":
"ctx.isAccessedAfter('expiry_date');" },
+ "label": "Accessed after expiry_date (yes/no)?",
+ "description": "Accessed after expiry_date? (yes/no)",
+ "uiHint": "{ \"singleValue\":true }"
+ },
+ {
+ "itemId": 2,
+ "name": "expression",
+ "evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
+ "evaluatorOptions" : { "engineName": "JavaScript", "ui.isMultiline":
"true" },
+ "label": "Enter boolean expression",
+ "description": "Boolean expression",
+ "uiHint" : "{ \"isMultiline\":true }"
+ }
+ ]
+}
diff --git
a/agents-common/src/test/resources/policyengine/test_base_plugin_hbase.json
b/agents-common/src/test/resources/policyengine/test_base_plugin_hbase.json
new file mode 100644
index 000000000..e7ac572ad
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_base_plugin_hbase.json
@@ -0,0 +1,1445 @@
+{
+ "policiesFilename": "/plugin/hive_policies.json",
+ "tagsFilename": "/plugin/hive_tags.json",
+ "rolesFilename": "/plugin/hive_roles.json",
+ "userStoreFilename": "/plugin/hive_user_store.json",
+ "gdsInfoFilename": "/policyengine/gds/gds_info_hive_access.json",
+ "tests": [
+ {
+ "name": "table: prospects, user: hbase, access: read",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "read", "user": "hbase", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 4 }
+ },
+ {
+ "name": "table: prospects, user: hbase, access: write",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "write", "user": "hbase", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 4 }
+ },
+ {
+ "name": "table: prospects, user: hbase, access: create",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "create", "user": "hbase", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 4 }
+ },
+ {
+ "name": "table: prospects, user: hbase, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "admin", "user": "hbase", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 4 }
+ },
+ {
+ "name": "table: prospects, user: hbase, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "execute", "user": "hbase", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 4 }
+ },
+ {
+ "name": "table: sales.prospects, user: proj-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "read", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: sales.prospects, user: no-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "write", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: sales.prospects, user: no-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "prospects" } },
+ "accessType": "create", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: invoices, user: no-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "invoices" } },
+ "accessType": "admin", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: invoices, user: no-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "invoices" } },
+ "accessType": "execute", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: atlas, access: read",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "read", "user": "atlas", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 5 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: atlas, access: write",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "write", "user": "atlas", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 5 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: atlas, access: create",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "create", "user": "atlas", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 5 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: atlas, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "admin", "user": "atlas", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 5 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: no-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "read", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: no-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "write", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: no-user, access:
create",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "create", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: ATLAS_ENTITY_AUDIT_EVENTS, user: no-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "ATLAS_ENTITY_AUDIT_EVENTS" } },
+ "accessType": "admin", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: SYSTEM:invoices, user: proj1-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "SYSTEM:invoices" } },
+ "accessType": "read", "user": "proj1-user", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 782 }
+ },
+ {
+ "name": "table: SYSTEM:invoices, user: no-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "SYSTEM:invoices" } },
+ "accessType": "write", "user": "no-user", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 782 }
+ },
+
+ {
+ "name": "table: SYSTEM:invoices, user: res-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "SYSTEM:invoices" } },
+ "accessType": "create", "user": "res-user", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 782 }
+ },
+ {
+ "name": "table: SYSTEM:invoices, user: tag-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "SYSTEM:invoices" } },
+ "accessType": "execute", "user": "tag-user", "userGroups": []
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 782 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda017"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 821 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda017"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 821 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda017"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 821 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda017"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 821 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda017"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 821 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0171"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0171"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0171"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0171"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda017shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda017shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda0171"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda029"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 822 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda029"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 822 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda029"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 822 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda029"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 822 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda029"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 822 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0291"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0291"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0291"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0291"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda029shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda029shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda0171"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda034"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 823 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda034"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 823 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda034"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 823 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda034"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 823 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda034"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 823 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0341"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0341"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0341"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda034shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda034shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0341"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda035"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 824 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda035"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 824 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda035"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 824 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda035"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 824 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda035"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 824 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0351"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0351"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0351"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda035shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda035shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0351"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda041"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 825 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda041"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 825 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda041"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 825 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda041"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 825 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda041"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 825 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0411"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0411"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0411"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda041shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda041shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0411"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda043"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 826 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda043"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 826 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda043"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 826 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda043"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 826 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda043"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 826 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0431"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0431"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0431"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda043shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda043shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0431"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda052"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 827 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda052"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 827 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda052"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 827 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda052"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 827 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda052"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 827 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0521"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0521"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0521"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda052shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda052shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0521"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda060"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 828 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda060"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 828 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda060"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 828 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda060"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 828 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda060"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 828 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0601"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0601"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0601"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda060shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda060shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0601"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda066"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 829 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda066"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 829 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda066"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 829 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda066"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 829 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda066"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 829 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0661"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0661"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0661"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda066shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda066shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0661"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda085"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 830 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda085"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 830 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda085"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 830 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda085"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 830 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda085"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 830 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0851"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0851"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0851"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda085shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda085shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0851"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda092"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 831 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda092"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 831 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda092"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 831 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda092"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 831 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda092"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 831 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda0921"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda0921"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda0921"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda092shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda092shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda0921"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda126"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 832 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xda126"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 832 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda126"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 832 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xda126"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 832 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xda126"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 832 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xda1261"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xda1261"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xda1261"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda126shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qda126shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xda1261"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qda020shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xds020"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 833 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xds020"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 833 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xds020"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 833 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xds020"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 833 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xds020"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 833 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xds0201"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xds0201"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xds0201"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qds020shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qds020shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["fb00_xds0201"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xoi022"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 834 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xoi022"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 834 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xoi022"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 834 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xoi022"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 834 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xoi022"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 834 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xoi0221"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xoi0221"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xoi0221"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi022shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi022shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["ffb00_xoi0221"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xoi025"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 835 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xoi025"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 835 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xoi025"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 835 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xoi025"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 835 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xoi025"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 835 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xoi0251"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xoi0251"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xoi0251"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi025shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi025shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["ffb00_xoi0251"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xoi033"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 836 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups": ["fb00_xoi033"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 836 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xoi033"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 836 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups": ["fb00_xoi033"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 836 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: execute",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "execute", "user": "ds-user", "userGroups":
["fb00_xoi033"]
+ },
+ "result": { "isAllowed": true, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": 836 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: read",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "read", "user": "ds-user", "userGroups": ["fb00_xoi0331"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: write",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "write", "user": "ds-user", "userGroups":
["fb00_xoi0331"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: create",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "create", "user": "ds-user", "userGroups":
["fb00_xoi0331"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+ {
+ "name": "table: fb00_qoi033shipments, user: ds-user, access: admin",
+ "request": {
+ "resource": { "elements": { "table": "fb00_qoi033shipments" } },
+ "accessType": "admin", "user": "ds-user", "userGroups":
["ffb00_xoi0331"]
+ },
+ "result": { "isAllowed": false, "isAccessDetermined": "true",
"isAudited": true, "isAuditedDetermined": true, "policyId": -1 }
+ },
+
+ {
+ "name": "ACLs: table: sales.prospects",
+ "request": {
+ "resource": { "elements": { "database": "sales", "table": "prospects"
} }
+ },
+ "acls": {
+ "userACLs": {
+ "res-user": { "read": { "result": 1, "isFinal": true, "policy": {
"id": 100 } } },
+ "tag-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 200 } } },
+ "ds-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2001 } } },
+ "ds1-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2001 } } },
+ "proj-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3001 } } },
+ "proj1-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3001 } } }
+ },
+ "datasets": [ "dataset-1" ],
+ "projects": [ "project-1" ]
+ }
+ },
+ {
+ "name": "ACLs: table: finance.invoices",
+ "request": {
+ "resource": { "elements": { "database": "finance", "table": "invoices"
} }
+ },
+ "acls": {
+ "userACLs": {
+ "res-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 100 } } },
+ "tag-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 200 } } },
+ "ds-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2001 } } },
+ "ds1-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2001 } } },
+ "ds2-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2002 } } },
+ "proj-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3001 } } },
+ "proj1-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3001 } } }
+ },
+ "datasets": [ "dataset-1", "dataset-2" ],
+ "projects": [ "project-1" ]
+ }
+ },
+ {
+ "name": "ACLs: table: shipping.shipments",
+ "request": {
+ "resource": { "elements": { "database": "shipping", "table":
"shipments" } }
+ },
+ "acls": {
+ "userACLs": {
+ "res-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 100 } } },
+ "tag-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 200 } } },
+ "ds-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2002 } } },
+ "ds2-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2002 } } },
+ "proj-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3001 } } },
+ "proj1-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3001 } } }
+ },
+ "datasets": [ "dataset-2" ],
+ "projects": [ "project-1" ]
+ }
+ },
+ {
+ "name": "ACLs: table: customers.contact_info",
+ "request": {
+ "resource": { "elements": { "database": "customers", "table":
"contact_info" } }
+ },
+ "acls": {
+ "userACLs": {
+ "res-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 131 } } },
+ "tag-user": { "select": { "result": 1, "isFinal": true, "policy":
{ "id": 203 } } },
+ "ds-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2003 } } },
+ "ds3-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2003 } } },
+ "ds6-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2006 } } },
+ "proj-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3002 } } },
+ "proj2-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3002 } } },
+ "proj4-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 3004 } } }
+ },
+ "datasets": [ "dataset-3", "dataset-6" ],
+ "projects": [ "project-2", "project-4" ]
+ }
+ },
+ {
+ "name": "ACLs: table: operations.facilities",
+ "request": {
+ "resource": { "elements": { "database": "operations", "table":
"facilities" } }
+ },
+ "acls": {
+ "userACLs": {
+ "res-user": { "select": { "result": 1, "isFinal": true, "policy": {
"id": 141 } } },
+ "tag-user": { "select": { "result": 1, "isFinal": true, "policy": {
"id": 204 } } },
+ "ds-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2004 } } },
+ "ds4-user": { "select": { "result": 1, "isFinal": false, "policy":
{ "id": 2004 } } }
+ },
+ "datasets": [ "dataset-4" ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git
a/agents-common/src/test/resources/policyengine/updated-hbase-test-policies.json
b/agents-common/src/test/resources/policyengine/updated-hbase-test-policies.json
new file mode 100644
index 000000000..4fcfd20cd
--- /dev/null
+++
b/agents-common/src/test/resources/policyengine/updated-hbase-test-policies.json
@@ -0,0 +1,193 @@
+{
+ "serviceName": "cm_hbase",
+ "serviceId": 3,
+ "policyVersion": 7141,
+ "auditMode": "audit-default",
+ "serviceDef": {
+ "id": 2,
+ "name": "hbase",
+ "implClass": "org.apache.ranger.services.hbase.RangerServiceHBase",
+ "options": { "enableDenyAndExceptionsInPolicies": "true" },
+ "configs": [
+ { "itemId": 1, "name": "username",
"type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password",
"type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "hadoop.security.authentication",
"type": "enum", "subType": "authnType", "mandatory": true, "defaultValue":
"simple" },
+ { "itemId": 4, "name": "hbase.master.kerberos.principal",
"type": "string", "mandatory": false, "defaultValue": "" },
+ { "itemId": 5, "name": "hbase.security.authentication",
"type": "enum", "subType": "authnType", "mandatory": true, "defaultValue":
"simple" },
+ { "itemId": 6, "name": "hbase.zookeeper.property.clientPort",
"type": "int", "mandatory": true, "defaultValue": "2181" },
+ { "itemId": 7, "name": "hbase.zookeeper.quorum",
"type": "string", "mandatory": true },
+ { "itemId": 8, "name": "zookeeper.znode.parent",
"type": "string", "mandatory": true, "defaultValue": "/hbase" },
+ { "itemId": 9, "name": "commonNameForCertificate",
"type": "string", "mandatory": false, "label": "Common Name for Certificate"
},
+ { "itemId": 10, "name": "ranger.plugin.audit.filters",
"type": "string", "mandatory": false, "defaultValue": "[{'accessResult':
'DENIED', 'isAudited':
true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*',
'hbase:meta', 'hbase:acl', 'default', 'hbase']}}, 'users':['hbase'],
'isAudited': false },
{'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas',
' [...]
+ }
+ ],
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "table",
+ "type": "string",
+ "level": 10,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase":
"false" },
+ "label": "HBase Table",
+ "description": "HBase Table",
+ "isValidLeaf": false
+ },
+ {
+ "itemId": 2,
+ "name": "column-family",
+ "type": "string",
+ "level": 20,
+ "parent": "table",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase":
"false" },
+ "label": "HBase Column-family",
+ "description": "HBase Column-family",
+ "isValidLeaf": false
+ },
+ {
+ "itemId": 3,
+ "name": "column",
+ "type": "string",
+ "level": 30,
+ "parent": "column-family",
+ "mandatory": true,
+ "lookupSupported": false,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase":
"false" },
+ "label": "HBase Column",
+ "description": "HBase Column",
+ "isValidLeaf": true
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read" },
+ { "itemId": 2, "name": "write", "label": "Write" },
+ { "itemId": 3, "name": "create", "label": "Create" },
+ { "itemId": 4, "name": "admin", "label": "Admin",
"impliedGrants": [ "read", "write", "create" ] },
+ { "itemId": 5, "name": "execute", "label": "Execute" }
+ ],
+ "enums": [
+ {
+ "itemId": 1,
+ "name": "authnType",
+ "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ }
+ ]
+ },
+ "tagPolicies": {
+ "serviceName": "cm_tag",
+ "serviceId": 2,
+ "serviceDef": {
+ "id": 100,
+ "name": "tag",
+ "implClass": "org.apache.ranger.services.tag.RangerServiceTag",
+ "options": { "enableDenyAndExceptionsInPolicies": "true",
"ui.pages": "tag-based-policies" },
+ "configs": [
+ {
+ "itemId": 1,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "mandatory": false,
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited':
true} ]",
+ "label": "Ranger Default Audit Filters"
+ }
+ ],
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "tag",
+ "type": "string",
+ "level": 1,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": false,
+ "matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "false", "ignoreCase":
"false" },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "TAG",
+ "description": "TAG",
+ "isValidLeaf": true
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 104105, "name": "hbase:read", "label": "Read" },
+ { "itemId": 104106, "name": "hbase:write", "label": "Write"
},
+ { "itemId": 104107, "name": "hbase:execute", "label":
"Execute" },
+ { "itemId": 104108, "name": "hbase:create", "label": "Create"
},
+ { "itemId": 104109, "name": "hbase:admin", "label": "Admin" }
+ ],
+ "policyConditions": [
+ {
+ "itemId": 1,
+ "name": "accessed-after-expiry",
+ "evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
+ "evaluatorOptions": { "scriptTemplate":
"ctx.isAccessedAfter('expiry_date');" },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "Accessed after expiry_date (yes/no)?",
+ "description": "Accessed after expiry_date? (yes/no)"
+ },
+ {
+ "itemId": 2,
+ "name": "expression",
+ "evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
+ "evaluatorOptions": { "engineName": "JavaScript",
"ui.isMultiline": "true" },
+ "uiHint": "{ \"isMultiline\":true }",
+ "label": "Enter boolean expression",
+ "description": "Boolean expression"
+ }
+ ],
+ "contextEnrichers": [
+ {
+ "itemId": 1,
+ "name": "TagEnricher",
+ "enricher":
"org.apache.ranger.plugin.contextenricher.RangerTagEnricher",
+ "enricherOptions": { "tagRetrieverClassName":
"org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever",
"tagRefresherPollingInterval": "60000" }
+ }
+ ]
+ },
+ "auditMode": "audit-default",
+ "serviceConfig": {
+ "ranger.plugin.audit.filters": "[ {'accessResult': 'DENIED',
'isAudited': true} ]"
+ }
+ },
+ "policyDeltas": [
+ {
+ "id": 80343,
+ "changeType": 1,
+ "policiesVersion": 7141,
+ "policy": {
+ "id": 821, "name": "fb00_xda017", "serviceType": "hbase",
"isEnabled": true, "isAuditEnabled": true,
+ "resources": {
+ "table": { "values": [ "vfb00_*vda0171*" ] },
+ "column-family": { "values": [ "*" ] },
+ "column": { "values": [ "*" ] }
+ },
+ "policyItems": [
+ {
+ "accesses": [ { "type": "read" }, { "type": "write" },
{ "type": "create" }, { "type": "admin" }, { "type": "execute" } ],
+ "groups": [ "vfb00_vxda017", "xagcla" ]
+ }
+ ]
+ }
+ }
+ ],
+ "serviceConfig": {
+ "ranger.plugin.audit.filters":
"[{'accessResult':'DENIED','isAudited':true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*','*_acl_*','hbase:meta','hbase:acl','default','hbase'],'isExcludes':true}},'users':['hbase'],'isAudited':false},{'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS'],'isExcludes':true},'column-family':{'values':['*'],'isExcludes':true},'column':{'values':['*'],'isExcludes':true}},'users':['atlas','hbase'],'isAudited':false},{'user
[...]
+ }
+}
