Support Questions

Find answers, ask questions, and share your expertise

Ranger REST API missing policy details?

avatar
Super Guru

I have a Hive policy which specifies Masking and Row Filtering criteria. Here is a screenshot:

8543-screen-shot-2016-10-13-at-82622-am.png

When I use the Ranger REST API to get the policy details the Mask and/or Filtering details are missing:

curl -s -XGET -u admin:admin http://localhost:6080/service/public/api/policy/14

{"id":14,"createDate":"2016-08-29T08:19:48Z","updateDate":"2016-09-15T19:23:51Z","owner":"Admin","updatedBy":"Admin","policyName":"filter_ww_customers_table","resourceName":"/hortoniabank/ww_customers/","description":"","repositoryName":"secgov_cl1_hive","repositoryType":"hive","permMapList":[],"tables":"ww_customers","databases":"hortoniabank","tableType":"Inclusion","isEnabled":true,"isRecursive":false,"isAuditEnabled":true,"version":"3","replacePerm":false}

This appears to be a problem with the newer "Allow" and "Deny" rules as well.

8544-screen-shot-2016-10-13-at-50740-pm.png

curl -s -XGET -u admin:admin http://localhost:6080/service/public/api/policy/16

{"id":16,"createDate":"2016-09-19T20:16:01Z","updateDate":"2016-09-21T09:26:11Z","owner":"Admin","updatedBy":"Admin","policyName":"prohibit_zipcode_mrn_bloodtype","resourceName":"/hortoniabank/ww_customers/zipcode","description":"","repositoryName":"secgov_cl1_hive","repositoryType":"hive","permMapList":[],"tables":"ww_customers","columns":"zipcode","databases":"hortoniabank","tableType":"Inclusion","columnType":"Inclusion","isEnabled":true,"isRecursive":false,"isAuditEnabled":true,"version":"4","replacePerm":false}

Is there a different API call to get these details?

1 ACCEPTED SOLUTION

avatar
Rising Star

The REST endpoint you used is for the older version of Ranger, which does not handle recent additions like row-filter/column masking policies. Please use REST endpoint at service/public/v2/api/policy (note "/v2" in the path). For more details on the API, please see wiki at https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

If it helps to look at the Java source for the REST API - it is available is at https://github.com/apache/incubator-ranger/blob/master/security-admin/src/main/java/org/apache/range....

View solution in original post

2 REPLIES 2

avatar
Rising Star

The REST endpoint you used is for the older version of Ranger, which does not handle recent additions like row-filter/column masking policies. Please use REST endpoint at service/public/v2/api/policy (note "/v2" in the path). For more details on the API, please see wiki at https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

If it helps to look at the Java source for the REST API - it is available is at https://github.com/apache/incubator-ranger/blob/master/security-admin/src/main/java/org/apache/range....

avatar
Super Guru

Thank you for your response. That was the problem. I was using the Hortonworks documentation which does not show the version part of the URL:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ranger_rest_api_get_pol...