[ https://issues.apache.org/jira/browse/RANGER-2799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17085711#comment-17085711 ]
Pradeep Agrawal edited comment on RANGER-2799 at 4/17/20, 12:53 PM: -------------------------------------------------------------------- Ranger APIs are REST API which accepts json data. its possible to update a policy with multiple resources. # Which version of ranger are you using. # Which REST api are you using. # Have you tried that via UI or curl already. Example : Request and response json observed from UI. Create policy json request : (with resource = /temp1) {code:java} {"policyType":"0","name":"temppolicy1","isEnabled":true,"policyPriority":0,"policyLabels":[],"description":"","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isRecursive":true}},"isDenyAllElse":false,"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"allowExceptions":[],"denyPolicyItems":[],"denyExceptions":[],"service":"hadoopdev"} {code} Create policy json response : {code:java} {"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332633,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false} {code} Update policy json request : (with resource = /temp1 and /temp2) {code:java} {"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332636,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isRecursive":true,"isExcludes":false}},"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"1","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}{code} Update policy json response : {code:java} {"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097608531,"version":2,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"1839d8f9b559ff020dd165439f2f546c36d2270c35062863431ecab31fbf966c","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false} {code} was (Author: pradeep.agrawal): Ranger APIs are REST API which accepts json data. its possible to update a policy with multiple resources. # Which version of ranger are you using. # Which REST api are you using. # Have you tried that via UI or curl already. Example : Request and response json observed from UI. Create policy json request : (with resource = /temp1) {code:java} {"policyType":"0","name":"temppolicy1","isEnabled":true,"policyPriority":0,"policyLabels":[],"description":"","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isRecursive":true}},"isDenyAllElse":false,"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"allowExceptions":[],"denyPolicyItems":[],"denyExceptions":[],"service":"hadoopdev"} {code} Create policy json response : {code:java} {"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332633,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false} {code} Update policy json request : (with resource = /temp1 and /temp2) {code:java} {"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332636,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isRecursive":true,"isExcludes":false}},"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"1","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}{code} Update policy json response : {code:java} {"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097608531,"version":2,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"1839d8f9b559ff020dd165439f2f546c36d2270c35062863431ecab31fbf966c","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false} {code} > update_policy only works for the same resource name? > ---------------------------------------------------- > > Key: RANGER-2799 > URL: https://issues.apache.org/jira/browse/RANGER-2799 > Project: Ranger > Issue Type: Task > Components: Ranger > Reporter: Bhargavi > Priority: Major > > does update_policy only work for a same resource name? > cant i have multiple resource names for a policy with update_policy using > python script? -- This message was sent by Atlassian Jira (v8.3.4#803005)