This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new 4f362e1bf RANGER-4269: gds enricher implementation to grant access
using dataset/project policies - #2
4f362e1bf is described below
commit 4f362e1bf948db8a5e5726876c945be484842c05
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Wed Nov 8 18:51:13 2023 -0800
RANGER-4269: gds enricher implementation to grant access using
dataset/project policies - #2
---
.../plugin/policyengine/RangerAccessResult.java | 14 +--
.../policyengine/RangerPolicyEngineImpl.java | 4 +-
.../plugin/policyengine/gds/GdsAccessResult.java | 64 +++---------
.../policyengine/gds/GdsDataShareEvaluator.java | 17 ++--
.../policyengine/gds/GdsDatasetEvaluator.java | 19 ++--
.../plugin/policyengine/gds/GdsPolicyEngine.java | 110 ++++++++++++---------
.../policyengine/gds/GdsProjectEvaluator.java | 10 +-
.../gds/test_gds_policy_engine_hive.json | 46 ++++-----
8 files changed, 130 insertions(+), 154 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
index 69e8ed9fc..402cbda68 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -25,8 +25,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.util.ServiceDefUtil;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
+import java.util.Set;
public class RangerAccessResult {
public final static String KEY_MASK_TYPE = "maskType";
@@ -328,11 +328,11 @@ public class RangerAccessResult {
return StringUtils.isNotEmpty(getFilterExpr());
}
- public List<String> getDatasets() {
- return additionalInfo == null ? null : (List<String>)
additionalInfo.get(KEY_DATASETS);
+ public Set<String> getDatasets() {
+ return additionalInfo == null ? null : (Set<String>)
additionalInfo.get(KEY_DATASETS);
}
- public void setDatasets(List<String> datasets) {
+ public void setDatasets(Set<String> datasets) {
if (datasets == null) {
removeAdditionalInfo(KEY_DATASETS);
} else {
@@ -340,11 +340,11 @@ public class RangerAccessResult {
}
}
- public List<String> getProjects() {
- return additionalInfo == null ? null : (List<String>)
additionalInfo.get(KEY_PROJECTS);
+ public Set<String> getProjects() {
+ return additionalInfo == null ? null : (Set<String>)
additionalInfo.get(KEY_PROJECTS);
}
- public void setProjects(List<String> projects) {
+ public void setProjects(Set<String> projects) {
if (projects == null) {
removeAdditionalInfo(KEY_PROJECTS);
} else {
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 868122869..e268fff38 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -1154,8 +1154,8 @@ public class RangerPolicyEngineImpl implements
RangerPolicyEngine {
result.setIsAudited(true);
}
- result.setDatasets(gdsResult.getDatasetNames());
- result.setProjects(gdsResult.getProjectNames());
+ result.setDatasets(gdsResult.getDatasets());
+ result.setProjects(gdsResult.getProjects());
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("updateFromGdsResult(): no
GdsAccessResult found in request context({})", request);
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
index 2d0ec0379..b2158579f 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
@@ -22,75 +22,41 @@ package org.apache.ranger.plugin.policyengine.gds;
import java.util.*;
public class GdsAccessResult {
- private Set<Long> datasets;
- private Set<Long> projects;
- private List<String> datasetNames;
- private List<String> projectNames;
- private boolean isAllowed;
- private boolean isAudited;
- private long policyId = -1;
- private Long policyVersion;
+ private Set<String> datasets;
+ private Set<String> projects;
+ private boolean isAllowed;
+ private boolean isAudited;
+ private long policyId = -1;
+ private Long policyVersion;
public GdsAccessResult() {
}
- public void addDataset(Long datasetId) {
+ public void addDataset(String name) {
if (datasets == null) {
datasets = new HashSet<>();
}
- datasets.add(datasetId);
+ datasets.add(name);
}
- public boolean hasDataset(Long datasetId) {
- return datasets != null && datasets.contains(datasetId);
- }
-
- public Set<Long> getDatasets() {
+ public Set<String> getDatasets() {
return datasets;
}
- public void addDatasetName(String name) {
- if (datasetNames == null) {
- datasetNames = datasets == null ? new ArrayList<>() : new
ArrayList<>(datasets.size());
- }
-
- datasetNames.add(name);
- }
-
- public List<String> getDatasetNames() {
- return datasetNames;
- }
-
- public void addProject(Long projectId) {
+ public void addProject(String name) {
if (projects == null) {
projects = new HashSet<>();
}
- projects.add(projectId);
+ projects.add(name);
}
- public boolean hasProject(Long projectId) {
- return projects != null && projects.contains(projectId);
- }
-
- public Set<Long> getProjects() {
+ public Set<String> getProjects() {
return projects;
}
- public void addProjectName(String name) {
- if (projectNames == null) {
- projectNames = projects == null ? new ArrayList<>() : new
ArrayList<>(projects.size());
- }
-
- projectNames.add(name);
- }
-
- public List<String> getProjectNames() {
- return projectNames;
- }
-
public boolean getIsAllowed() {
return isAllowed;
}
@@ -125,7 +91,7 @@ public class GdsAccessResult {
@Override
public int hashCode() {
- return Objects.hash(datasets, projects, datasetNames, projectNames,
isAllowed, isAudited, policyId, policyVersion);
+ return Objects.hash(datasets, projects, isAllowed, isAudited,
policyId, policyVersion);
}
@Override
@@ -139,8 +105,6 @@ public class GdsAccessResult {
return Objects.equals(datasets, other.datasets) &&
Objects.equals(projects, other.projects) &&
- Objects.equals(datasetNames, other.datasetNames) &&
- Objects.equals(projectNames, other.projectNames) &&
Objects.equals(isAllowed, other.isAllowed) &&
Objects.equals(isAudited, other.isAudited) &&
Objects.equals(policyId, other.policyId) &&
@@ -161,8 +125,6 @@ public class GdsAccessResult {
sb.append("RangerGdsAccessResult={");
sb.append("datasets={").append(datasets).append("}");
sb.append(", projects={").append(projects).append("}");
- sb.append(", datasetNames={").append(datasetNames).append("}");
- sb.append(", projectNames={").append(projectNames).append("}");
sb.append(", isAllowed={").append(isAllowed).append("}");
sb.append(", isAudited={").append(isAudited).append("}");
sb.append(", policyId={").append(policyId).append("}");
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java
index 198907855..83ab59630 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java
@@ -21,12 +21,11 @@ package org.apache.ranger.plugin.policyengine.gds;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator;
-import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerResourceTrie;
import org.apache.ranger.plugin.policyevaluator.RangerCustomConditionEvaluator;
-import org.apache.ranger.plugin.policyresourcematcher.RangerResourceEvaluator;
import org.apache.ranger.plugin.util.RangerResourceEvaluatorsRetriever;
import org.apache.ranger.plugin.util.ServiceGdsInfo.DataShareInfo;
import org.apache.ranger.plugin.util.ServiceGdsInfo.SharedResourceInfo;
@@ -56,8 +55,8 @@ public class GdsDataShareEvaluator {
this.conditionEvaluator =
RangerCustomConditionEvaluator.getInstance().getExpressionEvaluator(dsh.getConditionExpr(),
serviceDefHelper.getServiceDef());
if (resources != null) {
- Set<String> resourceKeys = new HashSet<>();
- List<RangerResourceEvaluator> evaluators = new
ArrayList<>(resources.size());
+ Set<String> resourceKeys = new HashSet<>();
+ List<GdsSharedResourceEvaluator> evaluators = new
ArrayList<>(resources.size());
for (SharedResourceInfo resource : resources) {
GdsSharedResourceEvaluator evaluator = new
GdsSharedResourceEvaluator(resource, dsh.getDefaultAccessTypes(),
serviceDefHelper);
@@ -68,8 +67,8 @@ public class GdsDataShareEvaluator {
}
for (String resourceKey : resourceKeys) {
- RangerServiceDef.RangerResourceDef resourceDef =
serviceDefHelper.getResourceDef(resourceKey);
- RangerResourceTrie resourceTrie = new
RangerResourceTrie<>(resourceDef, evaluators);
+ RangerResourceDef resourceDef =
serviceDefHelper.getResourceDef(resourceKey);
+ RangerResourceTrie<GdsSharedResourceEvaluator> resourceTrie =
new RangerResourceTrie<>(resourceDef, evaluators);
resourceTries.put(resourceKey, resourceTrie);
}
@@ -94,7 +93,7 @@ public class GdsDataShareEvaluator {
dsidEvaluators.add(dhidEvaluator);
}
- public void evaluate(RangerAccessRequest request, GdsAccessResult result) {
+ public void evaluate(RangerAccessRequest request, GdsAccessResult result,
Set<Long> datasetIds) {
LOG.debug("==> GdsDataShareEvaluator.evaluate({}, {})", request,
result);
Collection<GdsSharedResourceEvaluator> evaluators =
RangerResourceEvaluatorsRetriever.getEvaluators(resourceTries,
request.getResource().getAsMap(), request.getResourceElementMatchingScopes());
@@ -126,9 +125,9 @@ public class GdsDataShareEvaluator {
if (isAllowed) { // now find dsidEvaluators that allow the
request and collect their datasetIds
for (GdsDshidEvaluator dsidEvaluator : dsidEvaluators) {
- if (!result.hasDataset(dsidEvaluator.getDatasetId())) {
+ if
(!datasetIds.contains(dsidEvaluator.getDatasetId())) {
if (dsidEvaluator.isAllowed(request)) {
-
result.addDataset(dsidEvaluator.getDatasetId());
+ datasetIds.add(dsidEvaluator.getDatasetId());
}
}
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java
index 1de430def..61047134b 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java
@@ -29,10 +29,7 @@ import
org.apache.ranger.plugin.util.ServiceGdsInfo.DatasetInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
+import java.util.*;
public class GdsDatasetEvaluator {
private static final Logger LOG =
LoggerFactory.getLogger(GdsDatasetEvaluator.class);
@@ -41,6 +38,7 @@ public class GdsDatasetEvaluator {
private final DatasetInfo dataset;
+ private final RangerServiceDef gdsServiceDef;
private final String name;
private final List<GdsDipEvaluator> dipEvaluators = new
ArrayList<>();
private final List<RangerPolicyEvaluator> policyEvaluators;
@@ -49,8 +47,9 @@ public class GdsDatasetEvaluator {
public GdsDatasetEvaluator(DatasetInfo dataset, RangerServiceDef
gdsServiceDef, RangerPolicyEngineOptions options) {
LOG.debug("==> GdsDatasetEvaluator()");
- this.dataset = dataset;
- this.name = StringUtils.isBlank(dataset.getName()) ?
StringUtils.EMPTY : dataset.getName();
+ this.dataset = dataset;
+ this.gdsServiceDef = gdsServiceDef;
+ this.name = StringUtils.isBlank(dataset.getName()) ?
StringUtils.EMPTY : dataset.getName();
if (dataset.getPolicies() != null) {
policyEvaluators = new ArrayList<>(dataset.getPolicies().size());
@@ -81,10 +80,10 @@ public class GdsDatasetEvaluator {
dipEvaluators.add(dipEvaluator);
}
- public void evaluate(RangerAccessRequest request, GdsAccessResult result,
RangerServiceDef gdsServiceDef) {
+ public void evaluate(RangerAccessRequest request, GdsAccessResult result,
Set<Long> projectIds) {
LOG.debug("==> GdsDatasetEvaluator.evaluate({}, {})", request, result);
- result.addDatasetName(getName());
+ result.addDataset(getName());
if (!policyEvaluators.isEmpty()) {
GdsDatasetAccessRequest datasetRequest = new
GdsDatasetAccessRequest(getId(), gdsServiceDef, request);
@@ -108,9 +107,9 @@ public class GdsDatasetEvaluator {
}
for (GdsDipEvaluator dipEvaluator : dipEvaluators) {
- if (!result.hasProject(dipEvaluator.getProjectId())) {
+ if (!projectIds.contains(dipEvaluator.getProjectId())) {
if (dipEvaluator.isAllowed(request)) {
- result.addProject(dipEvaluator.getProjectId());
+ projectIds.add(dipEvaluator.getProjectId());
}
}
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
index 64be44893..809bbfa96 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
@@ -19,7 +19,6 @@
package org.apache.ranger.plugin.policyengine.gds;
-import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.model.RangerGds;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -65,7 +64,7 @@ public class GdsPolicyEngine {
}
public GdsAccessResult evaluate(RangerAccessRequest request) {
- LOG.debug("==> RangerGdsPolicyEngine.evaluate({})", request);;
+ LOG.debug("==> RangerGdsPolicyEngine.evaluate({})", request);
GdsAccessResult ret = null;
List<GdsDataShareEvaluator> dataShares =
getDataShareEvaluators(request);
@@ -77,12 +76,21 @@ public class GdsPolicyEngine {
dataShares.sort(GdsDataShareEvaluator.EVAL_ORDER_COMPARATOR);
}
+ Set<Long> datasetIds = new HashSet<>();
+
for (GdsDataShareEvaluator dshEvaluator : dataShares) {
- dshEvaluator.evaluate(request, ret);
+ dshEvaluator.evaluate(request, ret, datasetIds);
}
- evaluateDatasetPolicies(ret.getDatasets(), request, ret);
- evaluateProjectPolicies(ret.getProjects(), request, ret);
+ if (!datasetIds.isEmpty()) {
+ Set<Long> projectIds = new HashSet<>();
+
+ evaluateDatasetPolicies(datasetIds, request, ret, projectIds);
+
+ if (!projectIds.isEmpty()) {
+ evaluateProjectPolicies(projectIds, request, ret);
+ }
+ }
}
LOG.debug("<== RangerGdsPolicyEngine.evaluate({}): {}", request, ret);
@@ -229,70 +237,76 @@ public class GdsPolicyEngine {
return ret;
}
- private void evaluateDatasetPolicies(Set<Long> datasetIds,
RangerAccessRequest request, GdsAccessResult result) {
- if (CollectionUtils.isNotEmpty(datasetIds)) {
- List<GdsDatasetEvaluator> evaluators = new
ArrayList<>(datasetIds.size());
+ private void evaluateDatasetPolicies(Set<Long> datasetIds,
RangerAccessRequest request, GdsAccessResult result, Set<Long> projectIds) {
+ List<GdsDatasetEvaluator> evaluators = new
ArrayList<>(datasetIds.size());
- for (Long datasetId : datasetIds) {
- GdsDatasetEvaluator evaluator = datasets.get(datasetId);
+ for (Long datasetId : datasetIds) {
+ GdsDatasetEvaluator evaluator = datasets.get(datasetId);
- if (evaluator == null) {
- LOG.error("evaluateDatasetPolicies(): invalid datasetId in
result: {}. Ignored", datasetId);
+ if (evaluator == null) {
+ LOG.error("evaluateDatasetPolicies(): invalid datasetId in
result: {}. Ignored", datasetId);
- continue;
- }
-
- evaluators.add(evaluator);
+ continue;
}
- if (evaluators.size() > 1) {
- evaluators.sort(GdsDatasetEvaluator.EVAL_ORDER_COMPARATOR);
- }
+ evaluators.add(evaluator);
+ }
+ if (evaluators.size() > 1) {
+ evaluators.sort(GdsDatasetEvaluator.EVAL_ORDER_COMPARATOR);
+ }
+
+ if (!evaluators.isEmpty()) {
for (GdsDatasetEvaluator evaluator : evaluators) {
- evaluator.evaluate(request, result,
gdsInfo.getGdsServiceDef());
+ evaluator.evaluate(request, result, projectIds);
}
}
}
private void evaluateProjectPolicies(Set<Long> projectIds,
RangerAccessRequest request, GdsAccessResult result) {
- if (CollectionUtils.isNotEmpty(projectIds)) {
- List<GdsProjectEvaluator> evaluators = new
ArrayList<>(projectIds.size());
-
- for (Long projectId : projectIds) {
- GdsProjectEvaluator evaluator = projects.get(projectId);
+ List<GdsProjectEvaluator> evaluators = new
ArrayList<>(projectIds.size());
- if (evaluator == null) {
- LOG.error("evaluateProjectPolicies(): invalid projectId in
result: {}. Ignored", projectId);
+ for (Long projectId : projectIds) {
+ GdsProjectEvaluator evaluator = projects.get(projectId);
- continue;
- }
+ if (evaluator == null) {
+ LOG.error("evaluateProjectPolicies(): invalid projectId in
result: {}. Ignored", projectId);
- evaluators.add(evaluator);
+ continue;
}
- if (evaluators.size() > 1) {
- evaluators.sort(GdsProjectEvaluator.EVAL_ORDER_COMPARATOR);
- }
+ evaluators.add(evaluator);
+ }
- for (GdsProjectEvaluator evaluator : evaluators) {
- evaluator.evaluate(request, result,
gdsInfo.getGdsServiceDef());
- }
+ if (evaluators.size() > 1) {
+ evaluators.sort(GdsProjectEvaluator.EVAL_ORDER_COMPARATOR);
+ }
+
+ for (GdsProjectEvaluator evaluator : evaluators) {
+ evaluator.evaluate(request, result);
}
}
}
/*
- sharedRes-1--\
- |-- dataShare-1------- dataset-1--\
- sharedRes-2--/ / \
- / \_____ project-1
- sharedRes-3------ dataShare-2---\ /
- \___ dataset-2---/
- /
- sharedRes-4------ dataShare-3------/
-
- sharedRes-5------ dataShare-4-------- dataset-3 --------- project-2
-
- sharedRes-6------ dataShare-5-------- dataset-4
+ dataShare-1 ----------------------- dataset-1 ---
+ resource-1 / \
+ resource-2 / \
+ / \
+ dataShare-2 -------------------| | ---- project-1
+ resource-3 \ /
+ \ /
+ -- dataset-2---
+ /
+ dataShare-3 ---------------------
+ resource-3
+ resource-4
+
+ dataShare-4 ------------------------- dataset-3 --------- project-2
+ resource-4
+ resource-5
+
+ dataShare-5 ------------------------- dataset-4
+ resource-6
+ resource-7
*/
\ No newline at end of file
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java
index d5ce0e904..446f2a90a 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java
@@ -40,14 +40,16 @@ public class GdsProjectEvaluator {
public static final GdsProjectEvalOrderComparator EVAL_ORDER_COMPARATOR =
new GdsProjectEvalOrderComparator();
private final ProjectInfo project;
+ private final RangerServiceDef gdsServiceDef;
private final String name;
private final List<RangerPolicyEvaluator> policyEvaluators;
public GdsProjectEvaluator(ProjectInfo project, RangerServiceDef
gdsServiceDef, RangerPolicyEngineOptions options) {
LOG.debug("==> GdsProjectEvaluator({})", project);
- this.project = project;
- this.name = StringUtils.isBlank(project.getName()) ?
StringUtils.EMPTY : project.getName();
+ this.project = project;
+ this.gdsServiceDef = gdsServiceDef;
+ this.name = StringUtils.isBlank(project.getName()) ?
StringUtils.EMPTY : project.getName();
if (project.getPolicies() != null) {
policyEvaluators = new ArrayList<>(project.getPolicies().size());
@@ -74,10 +76,10 @@ public class GdsProjectEvaluator {
return name;
}
- public void evaluate(RangerAccessRequest request, GdsAccessResult result,
RangerServiceDef gdsServiceDef) {
+ public void evaluate(RangerAccessRequest request, GdsAccessResult result) {
LOG.debug("==> GdsDatasetEvaluator.evaluate({}, {})", request, result);
- result.addProjectName(getName());
+ result.addProject(getName());
if (!policyEvaluators.isEmpty()) {
GdsProjectAccessRequest projectRequest = new
GdsProjectAccessRequest(getId(), gdsServiceDef, request);
diff --git
a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
index c3ef3c484..010baed5c 100644
---
a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
+++
b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
@@ -192,7 +192,7 @@
"resource": { "elements": { "database": "sales", "table":
"prospects" } },
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [
"dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited":
true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ],
"isAllowed": true, "isAudited": true, "policyId": 2001 }
},
{
"name": "table: sales.orders, user: ds-user, access: select",
@@ -200,7 +200,7 @@
"resource": { "elements": { "database": "sales", "table": "orders" }
},
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [
"dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited":
true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ],
"isAllowed": true, "isAudited": true, "policyId": 2001 }
},
{
"name": "table: finance.invoices, user: ds-user, access: select",
@@ -208,7 +208,7 @@
"resource": { "elements": { "database": "finance", "table":
"invoices" } },
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true,
"isAudited": true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [
"project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
},
{
"name": "table: finance.payments, user: ds-user, access: select",
@@ -216,7 +216,7 @@
"resource": { "elements": { "database": "finance", "table":
"payments" } },
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true,
"isAudited": true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [
"project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
},
{
"name": "table: shipping.shipments, user: ds-user, access: select",
@@ -224,7 +224,7 @@
"resource": { "elements": { "database": "shipping", "table":
"shipments" } },
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited":
true, "policyId": 2002 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ],
"isAllowed": true, "isAudited": true, "policyId": 2002 }
},
{
"name": "table: customers.contact_info, user: ds-user, access: select",
@@ -232,7 +232,7 @@
"resource": { "elements": { "database": "customers", "table":
"contact_info" } },
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 3 ], "projects": [ 2 ], "datasetNames": [
"dataset-3" ], "projectNames": [ "project-2" ], "isAllowed": true, "isAudited":
true, "policyId": 2003 }
+ "result": { "datasets": [ "dataset-3" ], "projects": [ "project-2" ],
"isAllowed": true, "isAudited": true, "policyId": 2003 }
},
{
"name": "table: operations.facilities, user: ds-user, access: select",
@@ -240,7 +240,7 @@
"resource": { "elements": { "database": "operations", "table":
"facilities" } },
"accessType": "select", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [
"dataset-4" ], "projectNames": null, "isAllowed": true, "isAudited": true,
"policyId": 2004 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed":
true, "isAudited": true, "policyId": 2004 }
},
@@ -250,7 +250,7 @@
"resource": { "elements": { "database": "sales", "table":
"prospects" } },
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [
"dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited":
true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ],
"isAllowed": true, "isAudited": true, "policyId": 3001 }
},
{
"name": "table: sales.orders, user: proj-user, access: select",
@@ -258,7 +258,7 @@
"resource": { "elements": { "database": "sales", "table": "orders" }
},
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [
"dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited":
true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ],
"isAllowed": true, "isAudited": true, "policyId": 3001 }
},
{
"name": "table: finance.invoices, user: proj-user, access: select",
@@ -266,7 +266,7 @@
"resource": { "elements": { "database": "finance", "table":
"invoices" } },
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true,
"isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [
"project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
},
{
"name": "table: finance.payments, user: proj-user, access: select",
@@ -274,7 +274,7 @@
"resource": { "elements": { "database": "finance", "table":
"payments" } },
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true,
"isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [
"project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
},
{
"name": "table: shipping.shipments, user: proj-user, access: select",
@@ -282,7 +282,7 @@
"resource": { "elements": { "database": "shipping", "table":
"shipments" } },
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited":
true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ],
"isAllowed": true, "isAudited": true, "policyId": 3001 }
},
{
"name": "table: customers.contact_info, user: proj-user, access: select",
@@ -290,7 +290,7 @@
"resource": { "elements": { "database": "customers", "table":
"contact_info" } },
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 3 ], "projects": [ 2 ], "datasetNames": [
"dataset-3" ], "projectNames": [ "project-2" ], "isAllowed": true, "isAudited":
true, "policyId": 3002 }
+ "result": { "datasets": [ "dataset-3" ], "projects": [ "project-2" ],
"isAllowed": true, "isAudited": true, "policyId": 3002 }
},
{
"name": "table: operations.facilities, user: proj-user, access: select",
@@ -298,7 +298,7 @@
"resource": { "elements": { "database": "operations", "table":
"facilities" } },
"accessType": "select", "user": "proj-user", "userGroups": []
},
- "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [
"dataset-4" ], "projectNames": null, "isAllowed": false, "isAudited": true,
"policyId": -1 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed":
false, "isAudited": true, "policyId": -1 }
},
@@ -308,7 +308,7 @@
"resource": { "elements": { "database": "sales", "table":
"prospects" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [
"dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": false,
"isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ],
"isAllowed": false, "isAudited": true, "policyId": -1 }
},
{
"name": "table: sales.orders, user: scott, access: select",
@@ -316,7 +316,7 @@
"resource": { "elements": { "database": "sales", "table": "orders" }
},
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [
"dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": false,
"isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ],
"isAllowed": false, "isAudited": true, "policyId": -1 }
},
{
"name": "table: finance.invoices, user: scott, access: select",
@@ -324,7 +324,7 @@
"resource": { "elements": { "database": "finance", "table":
"invoices" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed":
false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [
"project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
},
{
"name": "table: finance.payments, user: scott, access: select",
@@ -332,7 +332,7 @@
"resource": { "elements": { "database": "finance", "table":
"payments" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed":
false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [
"project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
},
{
"name": "table: shipping.shipments, user: scott, access: select",
@@ -340,7 +340,7 @@
"resource": { "elements": { "database": "shipping", "table":
"shipments" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 2 ], "projects": [ 1 ], "datasetNames": [
"dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": false,
"isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ],
"isAllowed": false, "isAudited": true, "policyId": -1 }
},
{
"name": "table: customers.contact_info, user: scott, access: select",
@@ -348,7 +348,7 @@
"resource": { "elements": { "database": "customers", "table":
"contact_info" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 3 ], "projects": [ 2 ], "datasetNames": [
"dataset-3" ], "projectNames": [ "project-2" ], "isAllowed": false,
"isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-3" ], "projects": [ "project-2" ],
"isAllowed": false, "isAudited": true, "policyId": -1 }
},
{
"name": "table: operations.facilities, user: scott, access: select",
@@ -356,7 +356,7 @@
"resource": { "elements": { "database": "operations", "table":
"facilities" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [
"dataset-4" ], "projectNames": null, "isAllowed": false, "isAudited": true,
"policyId": -1 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed":
false, "isAudited": true, "policyId": -1 }
},
@@ -366,7 +366,7 @@
"resource": { "elements": { "database": "operations", "table":
"facilities" } },
"accessType": "select", "user": "scott", "userGroups": []
},
- "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [
"dataset-4" ], "projectNames": null, "isAllowed": false, "isAudited": true,
"policyId": -1 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed":
false, "isAudited": true, "policyId": -1 }
},
{
@@ -375,7 +375,7 @@
"resource": { "elements": { "database": "operations", "table":
"facilities" } },
"accessType": "update", "user": "ds-user", "userGroups": []
},
- "result": { "datasets": null, "projects": null, "datasetNames": null,
"projectNames": null, "isAllowed": false, "isAudited": false, "policyId": -1 }
+ "result": { "datasets": null, "projects": null, "isAllowed": false,
"isAudited": false, "policyId": -1 }
}
]
}
