Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Unable to create Ranger Hive row level filter Security policies via Ranger REST API

avatar
New Contributor

I am trying to create Ranger hive row-level filter policies using Rest API. I am truying to use this bellow Json format but it is creating just regular hive policy instead of row-level filter policy. Any clue on the best Jason format ?

 

curl -iv -u USERID:PASSWD -H "Content-Type: application/json" -X POST http://HOSTNAME001:6080/service/public/api/policy/ -d '{
"policyName": "RESTAPI_TEST",
"databases": "Test_databse",
"tables": "Test_table",
"columns": "*",
"udfs": "",
"description": "Hive Row Level Filter Policy",
"isEnabled": true,
"isAuditEnabled": true,
"rowFilterPolicyItems" : [ {
"rowFilterInfo" : {
"filterExpr" : "ROW_DVI = 02"
},
"delegateAdmin" : false,
"accesses" : [ {
"type" : "Select",
"isAllowed" : true
} ],
"users" : [ "USER_ID123" ]
}]}'

1 ACCEPTED SOLUTION

avatar
Super Collaborator

Policy type is missing. By default policyType is 0 which is Access type. 

 

Try with below API. 

 

curl -u admin -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST -d '
{"policyType":"2","name":"row_policy_1","isEnabled":true,"policyPriority":0,"policyLabels":[],"description":"","isAuditEnabled":true,"resources":{"database":{"values":["default"],"isRecursive":false,"isExcludes":false},"table":{"values":["test_table"],"isRecursive":false,"isExcludes":false}},"rowFilterPolicyItems":[{"users":["hr1"],"accesses":[{"type":"select","isAllowed":true}],"rowFilterInfo":{"filterExpr":"c1=true"}}],"service":"c116_hive"}' http://ranger-admin:6080/service/plugins/policies -v

View solution in original post

1 REPLY 1

avatar
Super Collaborator

Policy type is missing. By default policyType is 0 which is Access type. 

 

Try with below API. 

 

curl -u admin -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST -d '
{"policyType":"2","name":"row_policy_1","isEnabled":true,"policyPriority":0,"policyLabels":[],"description":"","isAuditEnabled":true,"resources":{"database":{"values":["default"],"isRecursive":false,"isExcludes":false},"table":{"values":["test_table"],"isRecursive":false,"isExcludes":false}},"rowFilterPolicyItems":[{"users":["hr1"],"accesses":[{"type":"select","isAllowed":true}],"rowFilterInfo":{"filterExpr":"c1=true"}}],"service":"c116_hive"}' http://ranger-admin:6080/service/plugins/policies -v