This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push: new 4f362e1bf RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2 4f362e1bf is described below commit 4f362e1bf948db8a5e5726876c945be484842c05 Author: Madhan Neethiraj <mad...@apache.org> AuthorDate: Wed Nov 8 18:51:13 2023 -0800 RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2 --- .../plugin/policyengine/RangerAccessResult.java | 14 +-- .../policyengine/RangerPolicyEngineImpl.java | 4 +- .../plugin/policyengine/gds/GdsAccessResult.java | 64 +++--------- .../policyengine/gds/GdsDataShareEvaluator.java | 17 ++-- .../policyengine/gds/GdsDatasetEvaluator.java | 19 ++-- .../plugin/policyengine/gds/GdsPolicyEngine.java | 110 ++++++++++++--------- .../policyengine/gds/GdsProjectEvaluator.java | 10 +- .../gds/test_gds_policy_engine_hive.json | 46 ++++----- 8 files changed, 130 insertions(+), 154 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java index 69e8ed9fc..402cbda68 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java @@ -25,8 +25,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.util.ServiceDefUtil; import java.util.HashMap; -import java.util.List; import java.util.Map; +import java.util.Set; public class RangerAccessResult { public final static String KEY_MASK_TYPE = "maskType"; @@ -328,11 +328,11 @@ public class RangerAccessResult { return StringUtils.isNotEmpty(getFilterExpr()); } - public List<String> getDatasets() { - return additionalInfo == null ? null : (List<String>) additionalInfo.get(KEY_DATASETS); + public Set<String> getDatasets() { + return additionalInfo == null ? null : (Set<String>) additionalInfo.get(KEY_DATASETS); } - public void setDatasets(List<String> datasets) { + public void setDatasets(Set<String> datasets) { if (datasets == null) { removeAdditionalInfo(KEY_DATASETS); } else { @@ -340,11 +340,11 @@ public class RangerAccessResult { } } - public List<String> getProjects() { - return additionalInfo == null ? null : (List<String>) additionalInfo.get(KEY_PROJECTS); + public Set<String> getProjects() { + return additionalInfo == null ? null : (Set<String>) additionalInfo.get(KEY_PROJECTS); } - public void setProjects(List<String> projects) { + public void setProjects(Set<String> projects) { if (projects == null) { removeAdditionalInfo(KEY_PROJECTS); } else { diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 868122869..e268fff38 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -1154,8 +1154,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { result.setIsAudited(true); } - result.setDatasets(gdsResult.getDatasetNames()); - result.setProjects(gdsResult.getProjectNames()); + result.setDatasets(gdsResult.getDatasets()); + result.setProjects(gdsResult.getProjects()); } else { if (LOG.isDebugEnabled()) { LOG.debug("updateFromGdsResult(): no GdsAccessResult found in request context({})", request); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java index 2d0ec0379..b2158579f 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java @@ -22,75 +22,41 @@ package org.apache.ranger.plugin.policyengine.gds; import java.util.*; public class GdsAccessResult { - private Set<Long> datasets; - private Set<Long> projects; - private List<String> datasetNames; - private List<String> projectNames; - private boolean isAllowed; - private boolean isAudited; - private long policyId = -1; - private Long policyVersion; + private Set<String> datasets; + private Set<String> projects; + private boolean isAllowed; + private boolean isAudited; + private long policyId = -1; + private Long policyVersion; public GdsAccessResult() { } - public void addDataset(Long datasetId) { + public void addDataset(String name) { if (datasets == null) { datasets = new HashSet<>(); } - datasets.add(datasetId); + datasets.add(name); } - public boolean hasDataset(Long datasetId) { - return datasets != null && datasets.contains(datasetId); - } - - public Set<Long> getDatasets() { + public Set<String> getDatasets() { return datasets; } - public void addDatasetName(String name) { - if (datasetNames == null) { - datasetNames = datasets == null ? new ArrayList<>() : new ArrayList<>(datasets.size()); - } - - datasetNames.add(name); - } - - public List<String> getDatasetNames() { - return datasetNames; - } - - public void addProject(Long projectId) { + public void addProject(String name) { if (projects == null) { projects = new HashSet<>(); } - projects.add(projectId); + projects.add(name); } - public boolean hasProject(Long projectId) { - return projects != null && projects.contains(projectId); - } - - public Set<Long> getProjects() { + public Set<String> getProjects() { return projects; } - public void addProjectName(String name) { - if (projectNames == null) { - projectNames = projects == null ? new ArrayList<>() : new ArrayList<>(projects.size()); - } - - projectNames.add(name); - } - - public List<String> getProjectNames() { - return projectNames; - } - public boolean getIsAllowed() { return isAllowed; } @@ -125,7 +91,7 @@ public class GdsAccessResult { @Override public int hashCode() { - return Objects.hash(datasets, projects, datasetNames, projectNames, isAllowed, isAudited, policyId, policyVersion); + return Objects.hash(datasets, projects, isAllowed, isAudited, policyId, policyVersion); } @Override @@ -139,8 +105,6 @@ public class GdsAccessResult { return Objects.equals(datasets, other.datasets) && Objects.equals(projects, other.projects) && - Objects.equals(datasetNames, other.datasetNames) && - Objects.equals(projectNames, other.projectNames) && Objects.equals(isAllowed, other.isAllowed) && Objects.equals(isAudited, other.isAudited) && Objects.equals(policyId, other.policyId) && @@ -161,8 +125,6 @@ public class GdsAccessResult { sb.append("RangerGdsAccessResult={"); sb.append("datasets={").append(datasets).append("}"); sb.append(", projects={").append(projects).append("}"); - sb.append(", datasetNames={").append(datasetNames).append("}"); - sb.append(", projectNames={").append(projectNames).append("}"); sb.append(", isAllowed={").append(isAllowed).append("}"); sb.append(", isAudited={").append(isAudited).append("}"); sb.append(", policyId={").append(policyId).append("}"); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java index 198907855..83ab59630 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDataShareEvaluator.java @@ -21,12 +21,11 @@ package org.apache.ranger.plugin.policyengine.gds; import org.apache.commons.lang.StringUtils; import org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator; -import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerResourceTrie; import org.apache.ranger.plugin.policyevaluator.RangerCustomConditionEvaluator; -import org.apache.ranger.plugin.policyresourcematcher.RangerResourceEvaluator; import org.apache.ranger.plugin.util.RangerResourceEvaluatorsRetriever; import org.apache.ranger.plugin.util.ServiceGdsInfo.DataShareInfo; import org.apache.ranger.plugin.util.ServiceGdsInfo.SharedResourceInfo; @@ -56,8 +55,8 @@ public class GdsDataShareEvaluator { this.conditionEvaluator = RangerCustomConditionEvaluator.getInstance().getExpressionEvaluator(dsh.getConditionExpr(), serviceDefHelper.getServiceDef()); if (resources != null) { - Set<String> resourceKeys = new HashSet<>(); - List<RangerResourceEvaluator> evaluators = new ArrayList<>(resources.size()); + Set<String> resourceKeys = new HashSet<>(); + List<GdsSharedResourceEvaluator> evaluators = new ArrayList<>(resources.size()); for (SharedResourceInfo resource : resources) { GdsSharedResourceEvaluator evaluator = new GdsSharedResourceEvaluator(resource, dsh.getDefaultAccessTypes(), serviceDefHelper); @@ -68,8 +67,8 @@ public class GdsDataShareEvaluator { } for (String resourceKey : resourceKeys) { - RangerServiceDef.RangerResourceDef resourceDef = serviceDefHelper.getResourceDef(resourceKey); - RangerResourceTrie resourceTrie = new RangerResourceTrie<>(resourceDef, evaluators); + RangerResourceDef resourceDef = serviceDefHelper.getResourceDef(resourceKey); + RangerResourceTrie<GdsSharedResourceEvaluator> resourceTrie = new RangerResourceTrie<>(resourceDef, evaluators); resourceTries.put(resourceKey, resourceTrie); } @@ -94,7 +93,7 @@ public class GdsDataShareEvaluator { dsidEvaluators.add(dhidEvaluator); } - public void evaluate(RangerAccessRequest request, GdsAccessResult result) { + public void evaluate(RangerAccessRequest request, GdsAccessResult result, Set<Long> datasetIds) { LOG.debug("==> GdsDataShareEvaluator.evaluate({}, {})", request, result); Collection<GdsSharedResourceEvaluator> evaluators = RangerResourceEvaluatorsRetriever.getEvaluators(resourceTries, request.getResource().getAsMap(), request.getResourceElementMatchingScopes()); @@ -126,9 +125,9 @@ public class GdsDataShareEvaluator { if (isAllowed) { // now find dsidEvaluators that allow the request and collect their datasetIds for (GdsDshidEvaluator dsidEvaluator : dsidEvaluators) { - if (!result.hasDataset(dsidEvaluator.getDatasetId())) { + if (!datasetIds.contains(dsidEvaluator.getDatasetId())) { if (dsidEvaluator.isAllowed(request)) { - result.addDataset(dsidEvaluator.getDatasetId()); + datasetIds.add(dsidEvaluator.getDatasetId()); } } } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java index 1de430def..61047134b 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java @@ -29,10 +29,7 @@ import org.apache.ranger.plugin.util.ServiceGdsInfo.DatasetInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; +import java.util.*; public class GdsDatasetEvaluator { private static final Logger LOG = LoggerFactory.getLogger(GdsDatasetEvaluator.class); @@ -41,6 +38,7 @@ public class GdsDatasetEvaluator { private final DatasetInfo dataset; + private final RangerServiceDef gdsServiceDef; private final String name; private final List<GdsDipEvaluator> dipEvaluators = new ArrayList<>(); private final List<RangerPolicyEvaluator> policyEvaluators; @@ -49,8 +47,9 @@ public class GdsDatasetEvaluator { public GdsDatasetEvaluator(DatasetInfo dataset, RangerServiceDef gdsServiceDef, RangerPolicyEngineOptions options) { LOG.debug("==> GdsDatasetEvaluator()"); - this.dataset = dataset; - this.name = StringUtils.isBlank(dataset.getName()) ? StringUtils.EMPTY : dataset.getName(); + this.dataset = dataset; + this.gdsServiceDef = gdsServiceDef; + this.name = StringUtils.isBlank(dataset.getName()) ? StringUtils.EMPTY : dataset.getName(); if (dataset.getPolicies() != null) { policyEvaluators = new ArrayList<>(dataset.getPolicies().size()); @@ -81,10 +80,10 @@ public class GdsDatasetEvaluator { dipEvaluators.add(dipEvaluator); } - public void evaluate(RangerAccessRequest request, GdsAccessResult result, RangerServiceDef gdsServiceDef) { + public void evaluate(RangerAccessRequest request, GdsAccessResult result, Set<Long> projectIds) { LOG.debug("==> GdsDatasetEvaluator.evaluate({}, {})", request, result); - result.addDatasetName(getName()); + result.addDataset(getName()); if (!policyEvaluators.isEmpty()) { GdsDatasetAccessRequest datasetRequest = new GdsDatasetAccessRequest(getId(), gdsServiceDef, request); @@ -108,9 +107,9 @@ public class GdsDatasetEvaluator { } for (GdsDipEvaluator dipEvaluator : dipEvaluators) { - if (!result.hasProject(dipEvaluator.getProjectId())) { + if (!projectIds.contains(dipEvaluator.getProjectId())) { if (dipEvaluator.isAllowed(request)) { - result.addProject(dipEvaluator.getProjectId()); + projectIds.add(dipEvaluator.getProjectId()); } } } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java index 64be44893..809bbfa96 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java @@ -19,7 +19,6 @@ package org.apache.ranger.plugin.policyengine.gds; -import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.ranger.plugin.model.RangerGds; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -65,7 +64,7 @@ public class GdsPolicyEngine { } public GdsAccessResult evaluate(RangerAccessRequest request) { - LOG.debug("==> RangerGdsPolicyEngine.evaluate({})", request);; + LOG.debug("==> RangerGdsPolicyEngine.evaluate({})", request); GdsAccessResult ret = null; List<GdsDataShareEvaluator> dataShares = getDataShareEvaluators(request); @@ -77,12 +76,21 @@ public class GdsPolicyEngine { dataShares.sort(GdsDataShareEvaluator.EVAL_ORDER_COMPARATOR); } + Set<Long> datasetIds = new HashSet<>(); + for (GdsDataShareEvaluator dshEvaluator : dataShares) { - dshEvaluator.evaluate(request, ret); + dshEvaluator.evaluate(request, ret, datasetIds); } - evaluateDatasetPolicies(ret.getDatasets(), request, ret); - evaluateProjectPolicies(ret.getProjects(), request, ret); + if (!datasetIds.isEmpty()) { + Set<Long> projectIds = new HashSet<>(); + + evaluateDatasetPolicies(datasetIds, request, ret, projectIds); + + if (!projectIds.isEmpty()) { + evaluateProjectPolicies(projectIds, request, ret); + } + } } LOG.debug("<== RangerGdsPolicyEngine.evaluate({}): {}", request, ret); @@ -229,70 +237,76 @@ public class GdsPolicyEngine { return ret; } - private void evaluateDatasetPolicies(Set<Long> datasetIds, RangerAccessRequest request, GdsAccessResult result) { - if (CollectionUtils.isNotEmpty(datasetIds)) { - List<GdsDatasetEvaluator> evaluators = new ArrayList<>(datasetIds.size()); + private void evaluateDatasetPolicies(Set<Long> datasetIds, RangerAccessRequest request, GdsAccessResult result, Set<Long> projectIds) { + List<GdsDatasetEvaluator> evaluators = new ArrayList<>(datasetIds.size()); - for (Long datasetId : datasetIds) { - GdsDatasetEvaluator evaluator = datasets.get(datasetId); + for (Long datasetId : datasetIds) { + GdsDatasetEvaluator evaluator = datasets.get(datasetId); - if (evaluator == null) { - LOG.error("evaluateDatasetPolicies(): invalid datasetId in result: {}. Ignored", datasetId); + if (evaluator == null) { + LOG.error("evaluateDatasetPolicies(): invalid datasetId in result: {}. Ignored", datasetId); - continue; - } - - evaluators.add(evaluator); + continue; } - if (evaluators.size() > 1) { - evaluators.sort(GdsDatasetEvaluator.EVAL_ORDER_COMPARATOR); - } + evaluators.add(evaluator); + } + if (evaluators.size() > 1) { + evaluators.sort(GdsDatasetEvaluator.EVAL_ORDER_COMPARATOR); + } + + if (!evaluators.isEmpty()) { for (GdsDatasetEvaluator evaluator : evaluators) { - evaluator.evaluate(request, result, gdsInfo.getGdsServiceDef()); + evaluator.evaluate(request, result, projectIds); } } } private void evaluateProjectPolicies(Set<Long> projectIds, RangerAccessRequest request, GdsAccessResult result) { - if (CollectionUtils.isNotEmpty(projectIds)) { - List<GdsProjectEvaluator> evaluators = new ArrayList<>(projectIds.size()); - - for (Long projectId : projectIds) { - GdsProjectEvaluator evaluator = projects.get(projectId); + List<GdsProjectEvaluator> evaluators = new ArrayList<>(projectIds.size()); - if (evaluator == null) { - LOG.error("evaluateProjectPolicies(): invalid projectId in result: {}. Ignored", projectId); + for (Long projectId : projectIds) { + GdsProjectEvaluator evaluator = projects.get(projectId); - continue; - } + if (evaluator == null) { + LOG.error("evaluateProjectPolicies(): invalid projectId in result: {}. Ignored", projectId); - evaluators.add(evaluator); + continue; } - if (evaluators.size() > 1) { - evaluators.sort(GdsProjectEvaluator.EVAL_ORDER_COMPARATOR); - } + evaluators.add(evaluator); + } - for (GdsProjectEvaluator evaluator : evaluators) { - evaluator.evaluate(request, result, gdsInfo.getGdsServiceDef()); - } + if (evaluators.size() > 1) { + evaluators.sort(GdsProjectEvaluator.EVAL_ORDER_COMPARATOR); + } + + for (GdsProjectEvaluator evaluator : evaluators) { + evaluator.evaluate(request, result); } } } /* - sharedRes-1--\ - |-- dataShare-1------- dataset-1--\ - sharedRes-2--/ / \ - / \_____ project-1 - sharedRes-3------ dataShare-2---\ / - \___ dataset-2---/ - / - sharedRes-4------ dataShare-3------/ - - sharedRes-5------ dataShare-4-------- dataset-3 --------- project-2 - - sharedRes-6------ dataShare-5-------- dataset-4 + dataShare-1 ----------------------- dataset-1 --- + resource-1 / \ + resource-2 / \ + / \ + dataShare-2 -------------------| | ---- project-1 + resource-3 \ / + \ / + -- dataset-2--- + / + dataShare-3 --------------------- + resource-3 + resource-4 + + dataShare-4 ------------------------- dataset-3 --------- project-2 + resource-4 + resource-5 + + dataShare-5 ------------------------- dataset-4 + resource-6 + resource-7 */ \ No newline at end of file diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java index d5ce0e904..446f2a90a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsProjectEvaluator.java @@ -40,14 +40,16 @@ public class GdsProjectEvaluator { public static final GdsProjectEvalOrderComparator EVAL_ORDER_COMPARATOR = new GdsProjectEvalOrderComparator(); private final ProjectInfo project; + private final RangerServiceDef gdsServiceDef; private final String name; private final List<RangerPolicyEvaluator> policyEvaluators; public GdsProjectEvaluator(ProjectInfo project, RangerServiceDef gdsServiceDef, RangerPolicyEngineOptions options) { LOG.debug("==> GdsProjectEvaluator({})", project); - this.project = project; - this.name = StringUtils.isBlank(project.getName()) ? StringUtils.EMPTY : project.getName(); + this.project = project; + this.gdsServiceDef = gdsServiceDef; + this.name = StringUtils.isBlank(project.getName()) ? StringUtils.EMPTY : project.getName(); if (project.getPolicies() != null) { policyEvaluators = new ArrayList<>(project.getPolicies().size()); @@ -74,10 +76,10 @@ public class GdsProjectEvaluator { return name; } - public void evaluate(RangerAccessRequest request, GdsAccessResult result, RangerServiceDef gdsServiceDef) { + public void evaluate(RangerAccessRequest request, GdsAccessResult result) { LOG.debug("==> GdsDatasetEvaluator.evaluate({}, {})", request, result); - result.addProjectName(getName()); + result.addProject(getName()); if (!policyEvaluators.isEmpty()) { GdsProjectAccessRequest projectRequest = new GdsProjectAccessRequest(getId(), gdsServiceDef, request); diff --git a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json index c3ef3c484..010baed5c 100644 --- a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json +++ b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json @@ -192,7 +192,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [ "dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: sales.orders, user: ds-user, access: select", @@ -200,7 +200,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [ "dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: finance.invoices, user: ds-user, access: select", @@ -208,7 +208,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: finance.payments, user: ds-user, access: select", @@ -216,7 +216,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: shipping.shipments, user: ds-user, access: select", @@ -224,7 +224,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } }, { "name": "table: customers.contact_info, user: ds-user, access: select", @@ -232,7 +232,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 3 ], "projects": [ 2 ], "datasetNames": [ "dataset-3" ], "projectNames": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } + "result": { "datasets": [ "dataset-3" ], "projects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } }, { "name": "table: operations.facilities, user: ds-user, access: select", @@ -240,7 +240,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [ "dataset-4" ], "projectNames": null, "isAllowed": true, "isAudited": true, "policyId": 2004 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": true, "isAudited": true, "policyId": 2004 } }, @@ -250,7 +250,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [ "dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: sales.orders, user: proj-user, access: select", @@ -258,7 +258,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [ "dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: finance.invoices, user: proj-user, access: select", @@ -266,7 +266,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: finance.payments, user: proj-user, access: select", @@ -274,7 +274,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: shipping.shipments, user: proj-user, access: select", @@ -282,7 +282,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: customers.contact_info, user: proj-user, access: select", @@ -290,7 +290,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 3 ], "projects": [ 2 ], "datasetNames": [ "dataset-3" ], "projectNames": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002 } + "result": { "datasets": [ "dataset-3" ], "projects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002 } }, { "name": "table: operations.facilities, user: proj-user, access: select", @@ -298,7 +298,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [ "dataset-4" ], "projectNames": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } }, @@ -308,7 +308,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [ "dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: sales.orders, user: scott, access: select", @@ -316,7 +316,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 1 ], "projects": [ 1 ], "datasetNames": [ "dataset-1" ], "projectNames": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: finance.invoices, user: scott, access: select", @@ -324,7 +324,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: finance.payments, user: scott, access: select", @@ -332,7 +332,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 1, 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-1", "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: shipping.shipments, user: scott, access: select", @@ -340,7 +340,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 2 ], "projects": [ 1 ], "datasetNames": [ "dataset-2" ], "projectNames": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: customers.contact_info, user: scott, access: select", @@ -348,7 +348,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 3 ], "projects": [ 2 ], "datasetNames": [ "dataset-3" ], "projectNames": [ "project-2" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-3" ], "projects": [ "project-2" ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: operations.facilities, user: scott, access: select", @@ -356,7 +356,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [ "dataset-4" ], "projectNames": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } }, @@ -366,7 +366,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ 4 ], "projects": null, "datasetNames": [ "dataset-4" ], "projectNames": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } }, { @@ -375,7 +375,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "update", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": null, "projects": null, "datasetNames": null, "projectNames": null, "isAllowed": false, "isAudited": false, "policyId": -1 } + "result": { "datasets": null, "projects": null, "isAllowed": false, "isAudited": false, "policyId": -1 } } ] }