This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.8
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.8 by this push:
new 91fcfb01d RANGER-5340: fix incorrect isFinal flag in
RangerResourceACLs merge (#687)
91fcfb01d is described below
commit 91fcfb01d9d7171ffe1729a1c0243b8511068854
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Thu Sep 25 20:03:34 2025 -0700
RANGER-5340: fix incorrect isFinal flag in RangerResourceACLs merge (#687)
(cherry picked from commit d6c251699844d09e59d6ecc4c9aecf3fff56e18a)
---
.../plugin/policyengine/RangerResourceACLs.java | 89 ++++++-----
.../policyevaluator/RangerPolicyEvaluator.java | 11 ++
.../ranger/plugin/service/RangerBasePlugin.java | 6 +-
.../ranger/plugin/policyengine/TestPolicyACLs.java | 165 +--------------------
.../resources/plugin/test_base_plugin_hive.json | 2 +-
.../policyengine/test_aclprovider_default.json | 53 ++++---
.../policyengine/test_aclprovider_hdfs.json | 9 +-
.../policyengine/test_aclprovider_mask_filter.json | 36 +++--
.../test_aclprovider_resource_hierarchy_tags.json | 30 ++--
9 files changed, 148 insertions(+), 253 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
index 864cb3e19..9e80dc18d 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
@@ -100,65 +100,74 @@ public void finalizeAcls() {
}
public void setUserAccessInfo(String userName, String accessType,
Integer access, RangerPolicy policy) {
- Map<String, AccessResult> userAccessInfo =
userACLs.get(userName);
+ Map<String, AccessResult> userAccessInfo =
userACLs.computeIfAbsent(userName, k -> new HashMap<>());
+ AccessResult existingResult =
userAccessInfo.get(accessType);
- if (userAccessInfo == null) {
- userAccessInfo = new HashMap<>();
-
- userACLs.put(userName, userAccessInfo);
+ if (existingResult == null) {
+ userAccessInfo.put(accessType, new AccessResult(access,
policy));
+ } else if (!ACCESS_CONDITIONAL.equals(access)) {
+ existingResult.setResult(access);
+ existingResult.setPolicy(policy);
}
+ }
- AccessResult accessResult = userAccessInfo.get(accessType);
-
- if (accessResult == null) {
- accessResult = new AccessResult(access, policy);
+ public void setGroupAccessInfo(String groupName, String accessType,
Integer access, RangerPolicy policy) {
+ Map<String, AccessResult> groupAccessInfo =
groupACLs.computeIfAbsent(groupName, k -> new HashMap<>());
+ AccessResult existingResult =
groupAccessInfo.get(accessType);
- userAccessInfo.put(accessType, accessResult);
- } else if (access != ACCESS_CONDITIONAL) {
- accessResult.setResult(access);
- accessResult.setPolicy(policy);
+ if (existingResult == null) {
+ groupAccessInfo.put(accessType, new
AccessResult(access, policy));
+ } else if (!ACCESS_CONDITIONAL.equals(access)) {
+ existingResult.setResult(access);
+ existingResult.setPolicy(policy);
}
}
- public void setGroupAccessInfo(String groupName, String accessType,
Integer access, RangerPolicy policy) {
- Map<String, AccessResult> groupAccessInfo =
groupACLs.get(groupName);
-
- if (groupAccessInfo == null) {
- groupAccessInfo = new HashMap<>();
+ public void setRoleAccessInfo(String roleName, String accessType,
Integer access, RangerPolicy policy) {
+ Map<String, AccessResult> roleAccessInfo =
roleACLs.computeIfAbsent(roleName, k -> new HashMap<>());
+ AccessResult existingResult =
roleAccessInfo.get(accessType);
- groupACLs.put(groupName, groupAccessInfo);
+ if (existingResult == null) {
+ roleAccessInfo.put(accessType, new AccessResult(access,
policy));
+ } else if (!ACCESS_CONDITIONAL.equals(access)) {
+ existingResult.setResult(access);
+ existingResult.setPolicy(policy);
}
+ }
- AccessResult accessResult = groupAccessInfo.get(accessType);
-
- if (accessResult == null) {
- accessResult = new AccessResult(access, policy);
+ public void setUserAccessInfo(String userName, String accessType,
AccessResult accessResult) {
+ Map<String, AccessResult> userAccessInfo =
userACLs.computeIfAbsent(userName, k -> new HashMap<>());
+ AccessResult existingResult =
userAccessInfo.get(accessType);
- groupAccessInfo.put(accessType, accessResult);
- } else if (access != ACCESS_CONDITIONAL) {
- accessResult.setResult(access);
- accessResult.setPolicy(policy);
+ if (existingResult == null) {
+ userAccessInfo.put(accessType, accessResult);
+ } else if
(!ACCESS_CONDITIONAL.equals(accessResult.getResult())) {
+ existingResult.setResult(accessResult.getResult());
+ existingResult.setPolicy(accessResult.getPolicy());
}
}
- public void setRoleAccessInfo(String roleName, String accessType,
Integer access, RangerPolicy policy) {
- Map<String, AccessResult> roleAccessInfo =
roleACLs.get(roleName);
-
- if (roleAccessInfo == null) {
- roleAccessInfo = new HashMap<>();
+ public void setGroupAccessInfo(String groupName, String accessType,
AccessResult accessResult) {
+ Map<String, AccessResult> groupAccessInfo =
groupACLs.computeIfAbsent(groupName, k -> new HashMap<>());
+ AccessResult existingResult =
groupAccessInfo.get(accessType);
- roleACLs.put(roleName, roleAccessInfo);
+ if (existingResult == null) {
+ groupAccessInfo.put(accessType, accessResult);
+ } else if
(!ACCESS_CONDITIONAL.equals(accessResult.getResult())) {
+ existingResult.setResult(accessResult.getResult());
+ existingResult.setPolicy(accessResult.getPolicy());
}
+ }
- AccessResult accessResult = roleAccessInfo.get(accessType);
-
- if (accessResult == null) {
- accessResult = new AccessResult(access, policy);
+ public void setRoleAccessInfo(String roleName, String accessType,
AccessResult accessResult) {
+ Map<String, AccessResult> roleAccessInfo =
roleACLs.computeIfAbsent(roleName, k -> new HashMap<>());
+ AccessResult existingResult =
roleAccessInfo.get(accessType);
+ if (existingResult == null) {
roleAccessInfo.put(accessType, accessResult);
- } else if (access != ACCESS_CONDITIONAL) {
- accessResult.setResult(access);
- accessResult.setPolicy(policy);
+ } else if
(!ACCESS_CONDITIONAL.equals(accessResult.getResult())) {
+ existingResult.setResult(accessResult.getResult());
+ existingResult.setPolicy(accessResult.getPolicy());
}
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
index 2856ccc6b..767ef8a4a 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
@@ -596,6 +596,17 @@ void finalizeAcls(final boolean isDenyAllElse, final
Set<String> allAccessTypeNa
}
}
+ @Override
+ public String toString() {
+ return "PolicyACLSummary{" +
+ "usersAccessInfo=" + usersAccessInfo +
+ ", groupsAccessInfo=" +
groupsAccessInfo +
+ ", rolesAccessInfo=" + rolesAccessInfo +
+ ", rowFilters=" + rowFilters +
+ ", dataMasks=" + dataMasks +
+ '}';
+ }
+
private void addAccess(String accessorName, AccessorType
accessorType, String accessType, Integer access, int policyItemType) {
final Map<String, Map<String, AccessResult>>
accessorsAccessInfo;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index ca85abdb4..c0ed4d1ea 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -1394,13 +1394,13 @@ private static void overrideACLs(final
RangerResourceACLs chainedResourceACLs, R
switch (userType) {
case USER:
-
baseResourceACLs.setUserAccessInfo(name, chainedAccessType,
finalAccessResult.getResult(), finalAccessResult.getPolicy());
+
baseResourceACLs.setUserAccessInfo(name, chainedAccessType, finalAccessResult);
break;
case GROUP:
-
baseResourceACLs.setGroupAccessInfo(name, chainedAccessType,
finalAccessResult.getResult(), finalAccessResult.getPolicy());
+
baseResourceACLs.setGroupAccessInfo(name, chainedAccessType, finalAccessResult);
break;
case ROLE:
-
baseResourceACLs.setRoleAccessInfo(name, chainedAccessType,
finalAccessResult.getResult(), finalAccessResult.getPolicy());
+
baseResourceACLs.setRoleAccessInfo(name, chainedAccessType, finalAccessResult);
break;
default:
break;
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
index 160e14cec..02f3bfc12 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
@@ -27,14 +27,11 @@
import java.util.List;
import java.util.Map;
import java.util.Objects;
-import java.util.Set;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonParseException;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import
org.apache.ranger.plugin.policyengine.RangerAccessRequest.ResourceMatchingScope;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs.DataMaskResult;
@@ -129,163 +126,11 @@ private void runTests(InputStreamReader reader, String
testName) throws Exceptio
RangerResourceACLs acls =
policyEngine.getResourceACLs(request);
- boolean userACLsMatched = true,
groupACLsMatched = true, roleACLsMatched = true, rowFiltersMatched = true,
dataMaskingMatched = true;
-
- if (MapUtils.isNotEmpty(acls.getUserACLs()) &&
MapUtils.isNotEmpty(oneTest.userPermissions)) {
- assertEquals("getResourceACLs() failed!
" + testCase.name + ":" + oneTest.name + " - userACLsMatched",
oneTest.userPermissions.size(), acls.getUserACLs().size());
-
- for (Map.Entry<String, Map<String,
RangerResourceACLs.AccessResult>> entry :
-
acls.getUserACLs().entrySet()) {
- String userName =
entry.getKey();
- Map<String,
RangerResourceACLs.AccessResult> expected =
oneTest.userPermissions.get(userName);
- if
(MapUtils.isNotEmpty(entry.getValue()) && MapUtils.isNotEmpty(expected)) {
- // Compare
- for (Map.Entry<String,
RangerResourceACLs.AccessResult> privilege : entry.getValue().entrySet()) {
- if
(StringUtils.equals(RangerPolicyEngine.ADMIN_ACCESS, privilege.getKey())) {
-
continue;
- }
-
RangerResourceACLs.AccessResult expectedResult =
expected.get(privilege.getKey());
- if
(expectedResult == null) {
-
userACLsMatched = false;
- break;
- } else if
(!expectedResult.equals(privilege.getValue())) {
-
userACLsMatched = false;
- break;
- }
- }
- } else if
(!(MapUtils.isEmpty(entry.getValue()) && MapUtils.isEmpty(expected))){
- Set<String> privileges
= entry.getValue().keySet();
- if (privileges.size()
== 1 && privileges.contains(RangerPolicyEngine.ADMIN_ACCESS)) {
- userACLsMatched
= true;
- } else {
- userACLsMatched
= false;
- }
- break;
- }
- if (!userACLsMatched) {
- break;
- }
- }
- } else if
(!(MapUtils.isEmpty(acls.getUserACLs()) &&
MapUtils.isEmpty(oneTest.userPermissions))) {
- userACLsMatched = false;
- }
-
- if (acls.getDataMasks().isEmpty()) {
- dataMaskingMatched = (oneTest.dataMasks
== null || oneTest.dataMasks.isEmpty());
- } else if (acls.getDataMasks().size() !=
(oneTest.dataMasks == null ? 0 : oneTest.dataMasks.size())) {
- dataMaskingMatched = false;
- } else {
- for (int i = 0; i <
acls.getDataMasks().size(); i++) {
- DataMaskResult found =
acls.getDataMasks().get(i);
- DataMaskResult expected =
oneTest.dataMasks.get(i);
-
- dataMaskingMatched =
found.equals(expected);
-
- if (!dataMaskingMatched) {
- break;
- }
- }
- }
-
- if (acls.getRowFilters().isEmpty()) {
- rowFiltersMatched = (oneTest.rowFilters
== null || oneTest.rowFilters.isEmpty());
- } else if (acls.getRowFilters().size() !=
(oneTest.rowFilters == null ? 0 : oneTest.rowFilters.size())) {
- rowFiltersMatched = false;
- } else {
- for (int i = 0; i <
acls.getRowFilters().size(); i++) {
- RowFilterResult found =
acls.getRowFilters().get(i);
- RowFilterResult expected =
oneTest.rowFilters.get(i);
-
- rowFiltersMatched =
found.equals(expected);
-
- if (!rowFiltersMatched) {
- break;
- }
- }
- }
-
- if (MapUtils.isNotEmpty(acls.getGroupACLs()) &&
MapUtils.isNotEmpty(oneTest.groupPermissions)) {
- assertEquals("getResourceACLs() failed!
" + testCase.name + ":" + oneTest.name + " - groupACLsMatched",
oneTest.groupPermissions.size(), acls.getGroupACLs().size());
-
- for (Map.Entry<String, Map<String,
RangerResourceACLs.AccessResult>> entry :
-
acls.getGroupACLs().entrySet()) {
- String groupName =
entry.getKey();
- Map<String,
RangerResourceACLs.AccessResult> expected =
oneTest.groupPermissions.get(groupName);
- if
(MapUtils.isNotEmpty(entry.getValue()) && MapUtils.isNotEmpty(expected)) {
- // Compare
- for (Map.Entry<String,
RangerResourceACLs.AccessResult> privilege : entry.getValue().entrySet()) {
- if
(StringUtils.equals(RangerPolicyEngine.ADMIN_ACCESS, privilege.getKey())) {
-
continue;
- }
-
RangerResourceACLs.AccessResult expectedResult =
expected.get(privilege.getKey());
- if
(expectedResult == null) {
-
groupACLsMatched = false;
- break;
- } else if
(!expectedResult.equals(privilege.getValue())) {
-
groupACLsMatched = false;
- break;
- }
- }
- } else if
(!(MapUtils.isEmpty(entry.getValue()) && MapUtils.isEmpty(expected))){
- Set<String> privileges
= entry.getValue().keySet();
- if (privileges.size()
== 1 && privileges.contains(RangerPolicyEngine.ADMIN_ACCESS)) {
-
groupACLsMatched = true;
- } else {
-
groupACLsMatched = false;
- }
- break;
- }
- if (!groupACLsMatched) {
- break;
- }
- }
- } else if
(!(MapUtils.isEmpty(acls.getGroupACLs()) &&
MapUtils.isEmpty(oneTest.groupPermissions))) {
- groupACLsMatched = false;
- }
-
- if (MapUtils.isNotEmpty(acls.getRoleACLs()) &&
MapUtils.isNotEmpty(oneTest.rolePermissions)) {
- assertEquals("getResourceACLs() failed!
" + testCase.name + ":" + oneTest.name + " - roleACLsMatched",
oneTest.rolePermissions.size(), acls.getRoleACLs().size());
-
- for (Map.Entry<String, Map<String,
RangerResourceACLs.AccessResult>> entry :
-
acls.getRoleACLs().entrySet()) {
- String roleName =
entry.getKey();
- Map<String,
RangerResourceACLs.AccessResult> expected =
oneTest.rolePermissions.get(roleName);
- if
(MapUtils.isNotEmpty(entry.getValue()) && MapUtils.isNotEmpty(expected)) {
- // Compare
- for (Map.Entry<String,
RangerResourceACLs.AccessResult> privilege : entry.getValue().entrySet()) {
- if
(StringUtils.equals(RangerPolicyEngine.ADMIN_ACCESS, privilege.getKey())) {
-
continue;
- }
-
RangerResourceACLs.AccessResult expectedResult =
expected.get(privilege.getKey());
- if
(expectedResult == null) {
-
roleACLsMatched = false;
- break;
- } else if
(!expectedResult.equals(privilege.getValue())) {
-
roleACLsMatched = false;
- break;
- }
- }
- } else if
(!(MapUtils.isEmpty(entry.getValue()) && MapUtils.isEmpty(expected))){
- Set<String> privileges
= entry.getValue().keySet();
- if (privileges.size()
== 1 && privileges.contains(RangerPolicyEngine.ADMIN_ACCESS)) {
- roleACLsMatched
= true;
- } else {
- roleACLsMatched
= false;
- }
- break;
- }
- if (!roleACLsMatched) {
- break;
- }
- }
- } else if
(!(MapUtils.isEmpty(acls.getRoleACLs()) &&
MapUtils.isEmpty(oneTest.rolePermissions))) {
- roleACLsMatched = false;
- }
- assertTrue("getResourceACLs() failed! " +
testCase.name + ":" + oneTest.name + " - userACLsMatched", userACLsMatched);
- assertTrue("getResourceACLs() failed! " +
testCase.name + ":" + oneTest.name + " - groupACLsMatched", groupACLsMatched);
- assertTrue("getResourceACLs() failed! " +
testCase.name + ":" + oneTest.name + " - roleACLsMatched", roleACLsMatched);
- assertTrue("getResourceACLs() failed! " +
testCase.name + ":" + oneTest.name + " - rowFiltersMatched", rowFiltersMatched);
- assertTrue("getResourceACLs() failed! " +
testCase.name + ":" + oneTest.name + " - dataMaskingMatched",
dataMaskingMatched);
+ assertEquals(oneTest.name + ": userACLs
mismatch", oneTest.userPermissions, acls.getUserACLs());
+ assertEquals(oneTest.name + ": groupACLs
mismatch", oneTest.groupPermissions, acls.getGroupACLs());
+ assertEquals(oneTest.name + ": roleACLs
mismatch", oneTest.rolePermissions, acls.getRoleACLs());
+ assertEquals(oneTest.name + ": rowFilters
mismatch", oneTest.rowFilters, acls.getRowFilters());
+ assertEquals(oneTest.name + ": dataMasks
mismatch", oneTest.dataMasks, acls.getDataMasks());
});
}
}
diff --git a/agents-common/src/test/resources/plugin/test_base_plugin_hive.json
b/agents-common/src/test/resources/plugin/test_base_plugin_hive.json
index b8820cf41..201017b19 100644
--- a/agents-common/src/test/resources/plugin/test_base_plugin_hive.json
+++ b/agents-common/src/test/resources/plugin/test_base_plugin_hive.json
@@ -191,4 +191,4 @@
}
}
]
-}
\ No newline at end of file
+}
diff --git
a/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
b/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
index 5434fd28c..105630d5e 100644
---
a/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
+++
b/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
@@ -583,11 +583,13 @@
"tests": [
{ "name": "{USER} macro in database name",
"resource": { "elements": { "database": "user_madhan", "table":
"test_tbl1" } },
- "groupPermissions": { "public": { "select": { "result": 2,
"isFinal": true }, "update": { "result": 2, "isFinal": true } } }
+ "groupPermissions": { "public": { "select": { "result": 2,
"isFinal": true }, "update": { "result": 2, "isFinal": true } } },
+ "userPermissions": {}, "rolePermissions": {}, "dataMasks": [],
"rowFilters": []
},
{ "name": "${{USER.dept}} macro in database name",
"resource": { "elements": { "database": "dept_engg", "table":
"test_tbl1" } },
- "groupPermissions": { "public": { "select": { "result": 2,
"isFinal": true } }, "engg": { "select": { "result": 1, "isFinal": true } } }
+ "groupPermissions": { "public": { "select": { "result": 2,
"isFinal": true } }, "engg": { "select": { "result": 1, "isFinal": true } } },
+ "userPermissions": {}, "rolePermissions": {}, "dataMasks": [],
"rowFilters": []
},
{
"name": "denyAllElse-test",
@@ -597,74 +599,83 @@
"user2": {"select": {"result": -1, "isFinal": true}, "update":
{"result": -1, "isFinal": true},"create": {"result": -1, "isFinal":
true},"drop": {"result": -1, "isFinal": true},"alter": {"result": -1,
"isFinal": true},"index": {"result": -1, "isFinal": true},"lock": {"result":
-1, "isFinal": true}},
"user3": {"select": {"result": 1, "isFinal": true}, "update":
{"result": 1, "isFinal": true},"create": {"result": 1, "isFinal": true},"drop":
{"result": 1, "isFinal": true},"alter": {"result": 1, "isFinal": true},"index":
{"result": 1, "isFinal": true},"lock": {"result": -1, "isFinal": true}}},
"groupPermissions": {"public": {"select": {"result": 2, "isFinal":
true}, "update": {"result": 2, "isFinal": true},"create": {"result": 2,
"isFinal": true},"drop": {"result": 2, "isFinal": true},"alter": {"result": 2,
"isFinal": true},"index": {"result": 2, "isFinal": true},"lock": {"result": -1,
"isFinal": true}}},
- "rolePermissions": {}
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "all-deny-test",
"resource": {"elements":{"database":"hr", "udf":"udf" }},
"userPermissions": {},
- "groupPermissions": {"public": {"select":{"result":-1,
"isFinal":true},"create":{"result":-1, "isFinal":true}}}
+ "groupPermissions": {"public": {"select":{"result":-1,
"isFinal":true},"create":{"result":-1, "isFinal":true},"_admin":{"result":-1,
"isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "no-deny-test",
"resource": {"elements":{"database":"default", "table":"test1",
"column":"column2"}},
- "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}},
"user2":{"select":{"result":1, "isFinal":true}}, "admin":{"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true}}},
- "groupPermissions": {"group1": {"select":{"result":1,
"isFinal":true}}, "group2": {"select":{"result":1,
"isFinal":true}},"cluster-admin": {"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true}}}
+ "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}},
"user2":{"select":{"result":1, "isFinal":true}}, "admin":{"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true},"_admin":{"result":1,
"isFinal":true}}},
+ "groupPermissions": {"group1": {"select":{"result":1,
"isFinal":true}}, "group2": {"select":{"result":1,
"isFinal":true}},"cluster-admin": {"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true}, "_admin":{"result":1,
"isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "partial-deny-test",
"resource": {"elements":{"database":"default", "table":"test2",
"column":"column2"}},
- "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}},
"user2":{"select":{"result":-1, "isFinal":true},"create":{"result":-1,
"isFinal":true}}, "user3":{"select":{"result":1,
"isFinal":true},"create":{"result":-1,
"isFinal":true}},"user4":{"select":{"result":-1,
"isFinal":true},"create":{"result":-1,
"isFinal":true}},"admin":{"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true}}},
- "groupPermissions": {"group1": {"select":{"result":1,
"isFinal":true}}, "group2": {"select":{"result":1, "isFinal":true}},"group3":
{"select":{"result":-1, "isFinal":true},"create":{"result":-1,
"isFinal":true}},"cluster-admin": {"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true}}}
+ "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}},
"user2":{"select":{"result":-1, "isFinal":true},"create":{"result":-1,
"isFinal":true}}, "user3":{"select":{"result":1,
"isFinal":true},"create":{"result":-1,
"isFinal":true}},"user4":{"select":{"result":-1,
"isFinal":true},"create":{"result":-1,
"isFinal":true}},"admin":{"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true},"_admin":{"result":1,
"isFinal":true}}},
+ "groupPermissions": {"group1": {"select":{"result":1,
"isFinal":true}}, "group2": {"select":{"result":1, "isFinal":true}},"group3":
{"select":{"result":-1, "isFinal":true},"create":{"result":-1,
"isFinal":true}},"cluster-admin": {"create":{"result":1,
"isFinal":true},"drop":{"result":1, "isFinal":true},"_admin":{"result":1,
"isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "conditional-deny-test",
"resource": {"elements":{"database":"finance", "table":"fin_1",
"column":"salary"}},
- "userPermissions": {"user1":{"select":{"result":1, "isFinal":true}},
"user2":{"select":{"result":1, "isFinal":true}}, "user3":{"select":{"result":2,
"isFinal":true}} },
- "groupPermissions": {"finance-controller": {"select":{"result":1,
"isFinal":true}}, "cluster-admin": {"select":{"result":2, "isFinal":true}}}
+ "userPermissions": {"user1":{"select":{"result":1,
"isFinal":true},"_admin":{"result":1, "isFinal":true}},
"user2":{"select":{"result":1, "isFinal":true},"_admin":{"result":1,
"isFinal":true}}, "user3":{"select":{"result":2,
"isFinal":true},"_admin":{"result":2, "isFinal":true}} },
+ "groupPermissions": {"finance-controller": {"select":{"result":1,
"isFinal":true},"_admin":{"result":1, "isFinal":true}}, "cluster-admin":
{"select":{"result":2, "isFinal":true},"_admin":{"result":2, "isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "conditional-tag-only-test-descendant",
"resource": {"elements":{"database":"finance", "table":"sales"}},
"resourceMatchingScope": "SELF_OR_DESCENDANTS",
- "userPermissions": {"hive":{"select":{"result":-1,
"isFinal":true},"create":{"result":1, "isFinal":true}, "drop":{"result":-1,
"isFinal":true}}, "admin":{"select":{"result":-1, "isFinal":true}} },
- "groupPermissions": {"public": {"index":{"result":2,
"isFinal":true}}}
+ "userPermissions": {"hive":{"select":{"result":-1,
"isFinal":true},"create":{"result":1, "isFinal":true}},
"admin":{"select":{"result":-1, "isFinal":true}} },
+ "groupPermissions": {"public": {"index":{"result":2,
"isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "all-types-of-policy-items",
"resource": {"elements":{"database":"default", "table":"table",
"column":"column"}},
- "userPermissions": {"user1":{"select":{"result":2, "isFinal":true}},
"user2":{"select":{"result":2, "isFinal":true}}, "user3":{"select":{"result":2,
"isFinal":true}}, "user4":{"select":{"result":2, "isFinal":true}} },
- "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "cluster-admin": {"select":{"result":2, "isFinal":true}}}
+ "userPermissions": {"user1":{"select":{"result":2, "isFinal":true},
"_admin":{"result":2, "isFinal":true}}, "user2":{"select":{"result":2,
"isFinal":true}, "_admin":{"result":2, "isFinal":true}},
"user3":{"select":{"result":2, "isFinal":true}, "_admin":{"result":2,
"isFinal":true}}, "user4":{"select":{"result":2, "isFinal":true},
"_admin":{"result":2, "isFinal":true}} },
+ "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}, "_admin":{"result":2, "isFinal":true}}, "cluster-admin":
{"select":{"result":2, "isFinal":true}, "_admin":{"result":2, "isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "public-allow-test",
"resource": {"elements":{"database":"finance", "table":"accounts",
"column": "status" }},
- "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}},
- "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}, "admin":
{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}},
"housekeeping":{"select":{"result":-1, "isFinal":true}}}
+ "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}, "_admin":{"result": 2, "isFinal":
true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2,
"isFinal":true}, "_admin":{"result": 2, "isFinal": true}}},
+ "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true},"_admin":{"result":2,
"isFinal":true}}, "admin": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true},"_admin":{"result":2,
"isFinal":true}}, "housekeeping":{"select":{"result":-1, "isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "public-allow-test-next",
"resource": {"elements":{"database":"finance", "table":"accounts",
"column": "amount" }},
- "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}},
- "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}, "admin":
{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}},
"housekeeping":{"drop":{"result":-1, "isFinal":true}}}
+ "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}, "_admin":{"result":2, "isFinal":true}},
"jane":{"select":{"result":2, "isFinal":true},"update":{"result":2,
"isFinal":true}, "_admin":{"result":2, "isFinal":true}}},
+ "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true},"_admin":{"result":2,
"isFinal":true}}, "admin": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true},"_admin":{"result":2,
"isFinal":true}}, "housekeeping":{"drop":{"result":-1, "isFinal":true}}},
+ "rolePermissions": {}, "dataMasks": [], "rowFilters": []
},
{
"name": "conditions-in-exceptions-test",
"resource": {"elements":{"database":"db1", "table":"tbl1", "column":
"col1" }},
"userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}},
"adam":{"drop":{"result":2, "isFinal":true}}, "eve":{"drop":{"result":2,
"isFinal":true}}},
- "groupPermissions": {}
+ "groupPermissions": {}, "rolePermissions": {}, "dataMasks": [],
"rowFilters": []
},
{
"name": "conditions-in-some-exceptions-test",
"resource": {"elements":{"database":"db2", "table":"tbl2", "column":
"col2" }},
"userPermissions": {"john":{"select":{"result":1, "isFinal":true},
"update":{"result":-1, "isFinal":true}}, "jane":{"select":{"result":1,
"isFinal":true},"update":{"result":1, "isFinal":true}},
"adam":{"drop":{"result":2, "isFinal":true}}, "eve":{"drop":{"result":2,
"isFinal":true}}},
- "groupPermissions": {}
+ "groupPermissions": {}, "rolePermissions": {}, "dataMasks": [],
"rowFilters": []
},
{
"name": "roles-test",
"resource": {"elements":{"database":"db3", "table":"tbl3", "column":
"col3" }},
"userPermissions": {"john":{"select":{"result":1, "isFinal":true},
"update":{"result":1, "isFinal":true}}, "jane":{"select":{"result":1,
"isFinal":true},"update":{"result":1, "isFinal":true}},
"adam":{"drop":{"result":-1, "isFinal":true}}, "eve":{"drop":{"result":-1,
"isFinal":true}}},
- "rolePermissions": {"tarzan":{"select":{"result":1, "isFinal":true},
"update":{"result":1, "isFinal":true}}, "eden":{"drop":{"result":-1,
"isFinal":true}}}
+ "rolePermissions": {"tarzan":{"select":{"result":1, "isFinal":true},
"update":{"result":1, "isFinal":true}}, "eden":{"drop":{"result":-1,
"isFinal":true}}},
+ "groupPermissions": {}, "dataMasks": [], "rowFilters": []
}
]
}
diff --git
a/agents-common/src/test/resources/policyengine/test_aclprovider_hdfs.json
b/agents-common/src/test/resources/policyengine/test_aclprovider_hdfs.json
index 9526763a2..37a06787d 100644
--- a/agents-common/src/test/resources/policyengine/test_aclprovider_hdfs.json
+++ b/agents-common/src/test/resources/policyengine/test_aclprovider_hdfs.json
@@ -107,23 +107,20 @@
{
"name": "test-finance-restricted",
"resource": {"elements":{"path":"/finance/restricted"}},
- "userPermissions": {},
"groupPermissions": {"finance": {"read": {"result": 1, "isFinal":
true}}},
- "rolePermissions": {}
+ "userPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{
"name": "test-finance-limited",
"resource": {"elements":{"path":"/finance/limited"}},
- "userPermissions": {},
"groupPermissions": {"stewards": {"read": {"result": 1, "isFinal":
true}}},
- "rolePermissions": {}
+ "userPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{
"name": "test-anything-under-public",
"resource": {"elements":{"path":"/public/anything"}},
- "userPermissions": {},
"groupPermissions": {"public": {"read": {"result": 1, "isFinal":
true}, "execute": {"result": 1, "isFinal": true}}},
- "rolePermissions": {}
+ "userPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
}
]
}
diff --git
a/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json
b/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json
index c8f7acf5e..ae9c04a6f 100644
---
a/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json
+++
b/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json
@@ -326,7 +326,8 @@
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"SHUFFLE"}},
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"mask: hr.employee.date_of_birth",
"resource":{"elements":{"database":"hr", "table":"employee",
"column":"date_of_birth"}},
@@ -334,56 +335,64 @@
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"SHUFFLE"}},
{"users":["user3"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"LAST_4"},
"isConditional": true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"mask: hr.employee.project - conditional: validity-schedule",
"resource":{"elements":{"database":"hr", "table":"employee",
"column":"project"}},
"dataMasks": [
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}, "isConditional":
true},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}, "isConditional":
true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"mask: employee.personal.city - tag-based: RESTRICTED",
"resource":{"elements":{"database":"employee", "table":"personal",
"column":"city"}},
"dataMasks": [
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"mask: employee.personal.mrn - tag-based: DATA_QUALITY;
conditional",
"resource":{"elements":{"database":"employee", "table":"personal",
"column":"mrn"}},
"dataMasks": [
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}, "isConditional":
true},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}, "isConditional":
true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"mask: employee.personal.address - tag-based:
RESTRICTED-FINAL; conditional: validity-schedule",
"resource":{"elements":{"database":"employee", "table":"personal",
"column":"address"}},
"dataMasks": [
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}, "isConditional":
true},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}, "isConditional":
true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"mask: finance.forecast.revenue - tag-based: RESTRICTED;
conditional: tag-validity-period",
"resource":{"elements":{"database":"finance", "table":"forecast",
"column":"revenue"}},
"dataMasks": [
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}, "isConditional":
true},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}, "isConditional":
true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{ "name": "mask: test_db.dept_hr.col1: conditional",
"resource": { "elements": { "database": "test_db",
"table":"dept_hr", "column":"col1" } },
"dataMasks": [
{ "users": [ ], "groups": [ "public" ], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_NONE" },
"isConditional": true },
{ "users": [ ], "groups": [ "public" ], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_HASH" },
"isConditional": false }
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "rowFilters": []
},
{"name":"row-filter: employee.personal",
"resource":{"elements":{"database":"employee", "table":"personal"}},
"rowFilters":[
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"location='US'"}},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"location='CA'"}}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "dataMasks": []
},
{"name":"row-filter: hr.employee",
"resource":{"elements":{"database":"hr", "table":"employee"}},
@@ -391,21 +400,24 @@
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"dept='production'"}},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"dept='purchase'"}},
{"users":["user3"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"location='GR'"},
"isConditional": true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "dataMasks": []
},
{"name":"row-filter: hr.employee2 - conditional: validity-schedule",
"resource":{"elements":{"database":"hr", "table":"employee2"}},
"rowFilters":[
{"users":["user1"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"dept='production'"},
"isConditional": true},
{"users":["user2"], "groups":[], "roles":[],
"accessTypes":["select"], "filterInfo":{"filterExpr":"dept='purchase'"},
"isConditional": true}
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "dataMasks": []
},
{ "name": "row-filter: test_db.dept_hr: conditional",
"resource": { "elements": { "database": "test_db", "table":"dept_hr"
} },
"rowFilters": [
{ "users": [], "groups": [ "public" ], "roles": [], "accessTypes":
[ "select" ], "filterInfo": { "filterExpr": "1 = 1" }, "isConditional":
true },
{ "users": [], "groups": [ "public" ], "roles": [], "accessTypes":
[ "select" ], "filterInfo": { "filterExpr": "dept != 'hr'" }, "isConditional":
false }
- ]
+ ],
+ "userPermissions": {}, "groupPermissions": {}, "rolePermissions":
{}, "dataMasks": []
}
]
}
diff --git
a/agents-common/src/test/resources/policyengine/test_aclprovider_resource_hierarchy_tags.json
b/agents-common/src/test/resources/policyengine/test_aclprovider_resource_hierarchy_tags.json
index 206a6563d..4e9d29229 100644
---
a/agents-common/src/test/resources/policyengine/test_aclprovider_resource_hierarchy_tags.json
+++
b/agents-common/src/test/resources/policyengine/test_aclprovider_resource_hierarchy_tags.json
@@ -150,7 +150,8 @@
"tests": [
{ "name": "table: db1.tbl1",
"resource": { "elements": { "database": "db1", "table":
"tbl1" } },
- "userPermissions": { "test-user": { "select": { "result": 1,
"isFinal": true } } }
+ "userPermissions": { "test-user": { "select": { "result": 1,
"isFinal": true } } },
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{ "name": "column: db1.tbl1.SSN",
"resource": { "elements": { "database": "db1", "table":
"tbl1", "column": "SSN" } },
@@ -159,7 +160,8 @@
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "SHUFFLE" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_HASH" },
"isConditional": true }
- ]
+ ],
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": []
},
{ "name": "column: db1.tbl1.Age",
"resource": { "elements": { "database": "db1", "table":
"tbl1", "column": "Age" } },
@@ -168,7 +170,8 @@
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "SHUFFLE" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_HASH" },
"isConditional": true }
- ]
+ ],
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": []
},
{ "name": "column: db1.tbl1.Name",
"resource": { "elements": { "database": "db1", "table":
"tbl1", "column": "Name" } },
@@ -177,15 +180,18 @@
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "SHUFFLE" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_HASH" },
"isConditional": true }
- ]
+ ],
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": []
},
{ "name": "database: db2",
"resource": { "elements": { "database": "db2" } },
- "userPermissions": { "test-user": { "select": { "result": 1,
"isFinal": true } } }
+ "userPermissions": { "test-user": { "select": { "result": 1,
"isFinal": true } } },
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{ "name": "table: db2.tbl1",
"resource": { "elements": { "database": "db2", "table":
"tbl1" } },
- "userPermissions": { "test-user": { "select": { "result": 1,
"isFinal": true } } }
+ "userPermissions": { "test-user": { "select": { "result": 1,
"isFinal": true } } },
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{ "name": "column: db2.tbl1.Name",
"resource": { "elements": { "database": "db2", "table":
"tbl1", "column": "Name" } },
@@ -194,18 +200,21 @@
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "SHUFFLE" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK" },
"isConditional": true },
{"users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_HASH" },
"isConditional": true }
- ]
+ ],
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": []
},
{ "name": "database: order",
"resource": { "elements": { "database": "order" } },
- "userPermissions": { "dba": { "create": { "result": 1, "isFinal":
true } } }
+ "userPermissions": { "dba": { "create": { "result": 1, "isFinal":
true } } },
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{ "name": "table: order.customer",
"resource": { "elements": { "database": "order", "table":
"customer" } },
"userPermissions": {
"test-user": { "select": { "result": 1, "isFinal": true } },
"dba": { "create": { "result": 1, "isFinal": true } }
- }
+ },
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": [],
"dataMasks": []
},
{ "name": "column: order.customer.address",
"resource": { "elements": { "database": "order", "table":
"customer", "column": "address" } },
@@ -216,7 +225,8 @@
"dataMasks": [
{ "users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_NONE" },
"isConditional": false },
{ "users": [ "test-user" ], "groups": [], "roles": [],
"accessTypes": [ "select" ], "maskInfo": { "dataMaskType": "MASK_HASH" },
"isConditional": false }
- ]
+ ],
+ "groupPermissions": {}, "rolePermissions": {}, "rowFilters": []
}
]
}
