ATLAS-2486 :- Policy json file for authorization in distro conf

Signed-off-by: kevalbhatt <kbhatt@apache.org>

ATLAS-2486 :- Policy json file for authorization in distro conf
e96b1acc · nixonrodrigues · kevalbhatt · a6b3521e · e96b1acc · a6b3521e
Commit e96b1acc authored Mar 07, 2018 by nixonrodrigues Committed by kevalbhatt Mar 08, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 9 deletions

atlas-simple-authz-policy.json distro/src/conf/atlas-simple-authz-policy.json +61 -0

policy-store.txt distro/src/conf/policy-store.txt +0 -9

No files found.
--- a/distro/src/conf/atlas-simple-authz-policy.json
+++ b/distro/src/conf/atlas-simple-authz-policy.json
+{
+  "roles": {
+    "ROLE_ADMIN": {
+      "adminPermissions": [
+        {
+          "privileges": [ ".*" ]
+        }
+      ],
+
+      "entityPermissions": [
+        {
+          "privileges":      [ ".*" ],
+          "entityTypes":     [ ".*" ],
+          "entityIds":       [ ".*" ],
+          "classifications": [ ".*" ]
+        }
+      ],
+
+      "typePermissions": [
+        {
+          "privileges":     [ ".*" ],
+          "typeCategories": [ ".*" ],
+          "typeNames":      [ ".*" ]
+        }
+      ]
+    },
+
+    "DATA_SCIENTIST": {
+      "entityPermissions": [
+        {
+          "privileges":      [ "entity-read", "entity-read-classification" ],
+          "entityTypes":     [ ".*" ],
+          "entityIds":       [ ".*" ],
+          "classifications": [ ".*" ]
+        }
+      ]
+    },
+
+    "DATA_STEWARD": {
+      "entityPermissions": [
+        {
+          "privileges":      [ "entity-read", "entity-create", "entity-update", "entity-read-classification", "entity-add-classification", "entity-update-classification", "entity-remove-classification" ],
+          "entityTypes":     [ ".*" ],
+          "entityIds":       [ ".*" ],
+          "classifications": [ ".*" ]
+        }
+      ]
+    }
+  },
+
+  "userRoles": {
+    "admin": [ "ROLE_ADMIN" ]
+  },
+
+  "groupRoles": {
+    "ROLE_ADMIN":      [ "ROLE_ADMIN" ],
+    "hadoop":          [ "DATA_STEWARD" ],
+    "DATA_STEWARD":    [ "DATA_STEWARD" ],
+    "RANGER_TAG_SYNC": [ "DATA_SCIENTIST" ]
+  }
+}
--- a/distro/src/conf/policy-store.txt
+++ b/distro/src/conf/policy-store.txt
-##Policy Format
-##r-READ, w-WRITE, u-UPDATE, d-DELETE
-##Policy_Name;;User_Name1:Operations_Allowed,User_Name2:Operations_Allowed;;Group_Name1:Operations_Allowed,Group_Name2:Operations_Allowed;;Resource_Type1:Resource_Name,Resource_Type2:Resource_Name
-##
-adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,relationship:*
-dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*,relationship:*
-dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*,relationship:*
-hadoopPolicy;;;;hadoop:rwud;;type:*,entity:*,operation:*,relationship:*
-rangerTagSyncPolicy;;;;RANGER_TAG_SYNC:r;;type:*,entity:*