Member since
03-29-2016
03-04-2018
08:49 PM
@Madhan Neethiraj I'm having problems getting the tag policy to work. Here are the steps I've taken:

- Disabled resource policies - holger_gov cannot select on default and foodmart database
- Created a tag called tennant_xxx
- Created a tag policy giving access to holger_gov if tag is tennant_xxx - so far so good as holger_gov now has select access
- Created a tag called DATA_ZONE with attribute name (type string) and added to default and foodmart database - one with a name = data_lake and one with name = staging
- Added policy condition: ctx.getAttributeValue("DATA_ZONE", "name").equals("data_lake")

But holger_gov can still select on both databases - I only want the data_lake one to be selectable. I have tried various combinations to try to get it to work including the below, but to no avail. Any ideas?

if(ctx.getAttributeValue("DATA_ZONE", "name").equals("data_lake")) {
ctx.result = true;
} else {
ctx.result = false;
}
02-28-2018
12:50 PM
Thanks, @Madhan Neethiraj - that's very helpful indeed. And I like your suggestion about how to structure the Ranger policies - very logical. I will try this out and will post back if I have any other queries about this.
02-23-2018
05:49 PM
1 Kudo
Is it possible to reference more than one Atlas tag in one Ranger policy via the Policy Conditions? I can set up allow or deny tag policies, but would like to reference a combination of tags in the Policy Conditions on one policy. Is this possible?

Example

Let's say I have these 3 tags: (tenancy_component with some attributes, tenancy_xxx and tenancy_yyy).

{
"classificationDefs":[
{
"createdBy": "Laura",
"name": "tenancy_component",
"description": "tenancy_component",
"attributeDefs": [
{
"name":"landing",
"typeName":"boolean",
"isOptional":"true",
"isUnique":"false",
"isIndexable":"true",
"cardinality":"SINGLE"
},
{
"name":"staging",
"typeName":"boolean",
"isOptional":"true",
"isUnique":"false",
"isIndexable":"true",
"cardinality":"SINGLE"
},
{
"name":"data_lake",
"typeName":"boolean",
"isOptional":"true",
"isUnique":"false",
"isIndexable":"true",
"cardinality":"SINGLE"
}],
"superTypes": []
}
]
}
{
"classificationDefs":[
{
"createdBy": "Laura",
"name": "tenancy_xxx",
"description": "tenancy_xxx",
"attributeDefs": [
{
}],
"superTypes": []
},
{
"createdBy": "Laura",
"name": "tenancy_yyy",
"description": "tenancy_yyy",
"attributeDefs": [
{
}],
"superTypes": []
}
]
}
I want to provide access (ABAC) to a role such that it doesn't have access to landing unless it is in tenancy xxx, it has access to the data lake for tenancy xxx but not yyy. The role only has access to staging if it is part of tenancy_yyy.

Database name | Tags | Access |
---|---|---|
db1 | tenancy_xxx, tenancy_component.landing=true | Access |
db2 | tenancy_xxx, tenancy_component.staging=true | Deny |
db3 | tenancy_xxx, tenancy_component.data_lake=true | Access |
db5 | tenancy_yyy, tenancy_component.landing=true | Deny |
db6 | tenancy_yyy, tenancy_component.staging=true | Access |
db7 | tenancy_yyy, tenancy_component.data_lake=true | Deny |
db7 | tenancy_component.data_lake=true | Deny |

How many tag policies should I have and how would I do it?
Labels: Apache Atlas, Apache Ranger
02-19-2018
01:03 AM
I actually figured it out myself. I needed to use the following JavaScript for the policy conditions:

tagAttr.masking_type=='hash'
tagAttr.masking_type=='nullify'
tagAttr.masking_type=='year'
tagAttr.last_4
02-15-2018
12:25 AM
I want to mask some data. I'm testing in the 2.6.3 sandbox. I have created a tag:

{"category": "CLASSIFICATION",
"guid": "bb29dc29-11ba-4d92-8d8f-fdca8ae92ea4",
"createdBy": "holger_gov",
"updatedBy": "holger_gov",
"createTime": 1518326442355,
"updateTime": 1518326442355,
"version": 1,
"name": "test_pii_tag",
"description": "test_pii_tag",
"typeVersion": "1.0",
"attributeDefs": [ {"name": "masking_type",
"typeName": "string",
"isOptional": true,
"cardinality": "SINGLE",
"valuesMinCount": 0,
"valuesMaxCount": 1,
"isUnique": false,
"isIndexable": false
},
{"name": "last_4",
"typeName": "boolean",
"isOptional": true,
"cardinality": "SINGLE",
"valuesMinCount": 0,
"valuesMaxCount": 1,
"isUnique": false,
"isIndexable": false
}
],
"superTypes": [],
}
I have tagged 4 columns on foodmart.customer with test_pii_tag and set the following attributes:

- lname (attribute string masking_type = "hash")
- fname (attribute string masking_type = "nullify")
- address1 (attribute boolean last_4 = true )
- birthdate (attribute string masking_type = "year")

I created one Ranger tag policy and set the following deny setting for raj_ops:

Mask: Hive hash

if ( tagAttr.get('masking_type').equals("hash") ) {
ctx.result = true;
}

Mask: Hive nullify

if ( tagAttr.get('masking_type').equals("nullify") ) {
ctx.result = true;
}

Mask: Hive Date: show only year

if ( tagAttr.get('masking_type').equals("year") ) {
ctx.result = true;
}

Mask: Hive Partial mask show last 4

if ( tagAttr.get('last_4').equals("true") ) {
ctx.result = true;
}
-- I also tried the below with the same results
if ( tagAttr.get('last_4') ) {
ctx.result = true;
}

When I run SELECT * FROM customer LIMIT 100; I see the following:

- lname is hashed - as expected
- fname null - as expected
- address1 is hashed - not as expected
- birthdate yyyy-01-01 as expected

What is wrong with my JavaScript expressions to cause address1 to be hashed instead of 'Partial mask show last 4'?
Labels: Apache Atlas, Apache Ranger
01-24-2018
03:48 PM
There's documentation for creating a child/parent relationship for classifications in the UI. What would be the equivalent script for creating the same relationship in the API? Let's say I have a parent classification named 'security_protection'. I want to create child classifications via API request named 'disk_encryption' and 'field_encryption'. What would be the v2 API request to do this? Thanks in advance. Version 2.6.3
Labels: Apache Atlas
09-11-2017
10:28 AM
@Eyad Garelnabi - Will the optionality on tag propagation be system wide, or would it be possible to exclude some tags from being propagated whilst propagating others?
06-28-2017
08:17 AM
I'm posting this in case anyone finds it useful. There's now a way for metamodels to inherit values from other values, but in 0.8 you can use the qualifiedName instead of the guid, which is much better.

Type

POST http://127.0.0.1:21000/api/atlas/v2/types/typedefs

{
"enumDefs":[],
"structDefs":[],
"classificationDefs":[],
"entityDefs":[
{
"superTypes":[
"DataSet"
],
"name":"test_entity_18",
"description":"test_entity_18",
"attributeDefs":[
{
"name":"test_18",
"isOptional":true,
"isUnique":true,
"isIndexable":false,
"typeName":"string",
"valuesMaxCount":1,
"cardinality":"SINGLE",
"valuesMinCount":0
},
{
"name":"test_18_db",
"isOptional":true,
"isUnique":true,
"isIndexable":false,
"typeName":"hive_db",
"valuesMaxCount":1,
"cardinality":"SINGLE",
"valuesMinCount":0
}
]
}
]
}

Entity

POST http://127.0.0.1:21000/api/atlas/v2/entity

{
"entity": {
"typeName": "test_entity_18",
"createdBy": "admin",
"updatedBy": "admin",
"attributes": {
"description": "test decription",
"name": "test_entity_18",
"owner": "admin",
"qualifiedName": "test_entity_18",
"test_18": "attr1",
"test_18_db": {
"typeName": "hive_db",
"uniqueAttributes": {
"qualifiedName": "default@Sandbox"
}
}
},
"guid": -1
},
"referredEntities": {}
}

I learnt this from here - https://issues.apache.org/jira/browse/ATLAS-1506
06-25-2017
07:58 PM
Thank you, that helps enormously! I'm obviously doing something wrong with the GET /v2/entity/uniqueAttribute/type/{typeName}.

I created an entityDefs type called test_entity_15. I then created an entity called test_entity_15.

{
"enumDefs":[],
"structDefs":[],
"classificationDefs":[],
"entityDefs":[
{
"superTypes":[
"DataSet"
],
"name":"test_entity_15",
"description":"test_entity_15",
"attributeDefs":[
{
"name":"test_15_1",
"isOptional":true,
"isUnique":true,
"isIndexable":false,
"typeName":"string",
"valuesMaxCount":1,
"cardinality":"SINGLE",
"valuesMinCount":0
}
]
}
]
}

{
"entity": {
"typeName": "test_entity_15",
"attributes": {
"description": "test_entity_15",
"name": "test_entity_15_1",
"owner": "admin",
"qualifiedName": "test_entity_15@Sandbox",
"test_15_1": "attr1"
},
"guid": -1
},
"referredEntities": {}
}

But when I try GET http://127.0.0.1:21000/api/atlas/v2/entity/uniqueAttribute/type/test_entity_15 I get this error.

{
"errorCode": "ATLAS-400-00-013",
"errorMessage": "Type test_entity_15 with unique attribute does not exist"
}
I set "isUnique" to true, so I'm not sure what else is preventing the unique attribute!

Also, I created a JIRA due to the createdBy and updatedBy inconsistency between type and entity POSTs - https://issues.apache.org/jira/browse/ATLAS-1895
06-25-2017
03:31 PM
Thank you for your help @Ashutosh Mestry and @Sarath Subramanian. And apologies for the late response. For anyone who is interested, here's what happened when I posted the entity.

Response:

{
"mutatedEntities": {
"CREATE": [ {
"typeName": "test_entity_7",
"attributes": {
"qualifiedName": "test_entity_7_hw@Sandbox"
}
,
"guid": "01960675-149f-43da-bdb8-da79058beb51",
"status": "ACTIVE"
}
],
}
,
"guidAssignments": {
-1: "01960675-149f-43da-bdb8-da79058beb51"
}
}

GET http://127.0.0.1:21000/api/atlas/v2/entity/guid/01960675-149f-43da-bdb8-da79058beb51

{
"referredEntities": {
}
,
"entity": {
"typeName": "test_entity_7",
"attributes": {
"owner": "admin",
"test_7_2": "attr2",
"test_7_1": "attr1",
"qualifiedName": "test_entity_7_hw@Sandbox",
"name": "test_entity_7_hw",
"description": "test decription"
}
,
"guid": "01960675-149f-43da-bdb8-da79058beb51",
"status": "ACTIVE",
"createdBy": "holger_gov",
"updatedBy": "holger_gov",
"createTime": 1498267676098,
"updateTime": 1498267676098,
"version": 0,
"classifications": [],
}
}
I'm just testing in a sandbox and using Chrome apps 'Advanced REST client'. Is this why createdBy and updatedBy is set to holger_gov? If I set the createdBy and updatedBy I still get the holger_gov:

POST http://127.0.0.1:21000/api/atlas/v2/entity

{
"entity": {
"typeName": "test_entity_7",
"createdBy": "admin",
"updatedBy": "admin",
"attributes": {
"description": "test decription",
"name": "test_entity_7_hw_admin",
"owner": "admin",
"qualifiedName": "test_entity_7_hw_admin@Sandbox",
"test_7_1": "attr1",
"test_7_2": "attr2"
},
"guid": -1
},
"referredEntities": {}
}
Response

{
"mutatedEntities": {
"CREATE": [ {
"typeName": "test_entity_7",
"attributes": {
"qualifiedName": "test_entity_7_hw_admin@Sandbox"
}
,
"guid": "ed9cf696-cd76-4814-a407-9fdb8d18da3c",
"status": "ACTIVE"
}
],
}
,
"guidAssignments": {
-1: "ed9cf696-cd76-4814-a407-9fdb8d18da3c"
}
}
GET http://127.0.0.1:21000/api/atlas/v2/entity/guid/ed9cf696-cd76-4814-a407-9fdb8d18da3c

{
"referredEntities": {
}
,
"entity": {
"typeName": "test_entity_7",
"attributes": {
"owner": "admin",
"test_7_2": "attr2",
"test_7_1": "attr1",
"qualifiedName": "test_entity_7_hw_admin@Sandbox",
"name": "test_entity_7_hw_admin",
"description": "test decription"
}
,
"guid": "ed9cf696-cd76-4814-a407-9fdb8d18da3c",
"status": "ACTIVE",
"createdBy": "holger_gov",
"updatedBy": "holger_gov",
"createTime": 1498268595794,
"updateTime": 1498268595794,
"version": 0,
"classifications": [],
}
}
Also, how do I use /v2/entity/bulk? I get the following error:

{
"errorCode": "ATLAS-404-00-005",
"errorMessage": "Given instance guid {0} is invalid/not found"
}
I currently can't find a way of returning the GET for an attribute without first copying the guid when I first create it!!!