Help Center> DataArts Lake Formation> API Reference> API> LakeCat> Authorization Management> Obtaining Synchronization Permission Policies

Updated on 2024-02-21 GMT+08:00

View PDF

Obtaining Synchronization Permission Policies

Function

This API is used to obtain synchronization permission policies.

URI

GET /v1/{project_id}/instances/{instance_id}/policies/policy

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For how to obtain the project ID, see Obtaining a Project ID (lakeformation_04_0026.xml).
instance_id	Yes	String	LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
last_known_version	No	Long	Latest known version.
supports_policy_deltas	No	Boolean	Whether to support the incremental synchronization policy. The default value is false.
is_return_policy_data	No	Boolean	Whether to return permission policy data. The default value is true.
catalog_name	No	String	Catalog name. The value should contain 1 to 256 characters. Only letters, numbers, and underscores (_) are allowed.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	Array of strings	Tenant token.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
policy_version	Long	Policy version.
policy_updateTime	String	Policy update time.
policies	Array of Policy objects	Permission policies.
policy_deltas	Array of PolicyDelta objects	Incremental permission policies.

**Table 5** Policy
Parameter	Type	Description
allow_exceptions	Array of PolicyItem objects	Excluded allow rules.
conditions	Array of PolicyItemCondition objects	Condition attributes.
create_time	String	Creation time.
created_by	String	Creator.
data_mask_policy_items	Array of DataMaskPolicyItem objects	Class mask policy items.
deny_exceptions	Array of PolicyItem objects	Deny exclusion policies.
deny_policy_items	Array of PolicyItem objects	Deny policies.
description	String	Description.
guid	String	Unique GUID.
id	Long	Primary key.
is_audit_enabled	Boolean	Whether to enable auditing.
is_default_policy	Boolean	Whether this policy is the default one.
is_deny_all_else	Boolean	Whether to reject all.
is_enabled	Boolean	Whether to enable it.
name	String	Name.
options	Object	Options.
policy_items	Array of PolicyItem objects	Policy items.
policy_labels	Array of strings	Policy labels.
policy_priority	Integer	Policy priority.
policy_type	Integer	Policy type.
resource_signature	String	Resource signature.
resources	Map<String,PolicyResource>	Resources.
row_filter_policy_items	Array of RowFilterPolicyItem objects	Row-based filtering policy items.
service	String	Service.
service_type	String	Service type.
update_time	String	Update time.
updated_by	String	Updater.
validity_schedules	Array of ValiditySchedule objects	Verification period.
version	Long	Version.
zone_name	String	Zone name.

**Table 6** PolicyDelta
Parameter	Type	Description
policy	Policy object	Policy information.
change_type	Integer	Change type.

**Table 7** DataMaskPolicyItem
Parameter	Type	Description
accesses	Array of PolicyItemAccess objects	Access arrays.
conditions	Array of PolicyItemCondition objects	Condition arrays.
data_mask_info	PolicyItemDataMaskInfo object	Column mask policies.
delegate_admin	Boolean	Whether to support delegation.
groups	Array of strings	User groups.
roles	Array of strings	Roles.
users	Array of strings	Users.

**Table 8** PolicyItemDataMaskInfo
Parameter	Type	Description
condition_expr	String	Condition expression.
data_mask_type	String	Column mask type.
value_expr	String	Column mask expression.

**Table 9** PolicyItem
Parameter	Type	Description
accesses	Array of PolicyItemAccess objects	Access control data.
conditions	Array of PolicyItemCondition objects	Conditions.
delegate_admin	Boolean	Whether to support delegation.
groups	Array of strings	Groups.
roles	Array of strings	Roles.
users	Array of strings	Users.

**Table 10** PolicyResource
Parameter	Type	Description
is_excludes	Boolean	Whether to exclude it.
is_recursive	Boolean	Whether to perform this operation recursively.
values	Array of strings	Values.

**Table 11** RowFilterPolicyItem
Parameter	Type	Description
accesses	Array of PolicyItemAccess objects	Permissions.
conditions	Array of PolicyItemCondition objects	Conditions.
delegate_admin	Boolean	Whether to support delegation.
groups	Array of strings	Groups.
roles	Array of strings	Roles.
row_filter_info	PolicyItemRowFilterInfo object	Row filtering.
users	Array of strings	Users.

**Table 12** PolicyItemAccess
Parameter	Type	Description
is_allowed	Boolean	Whether to allow this operation.
type	String	Type.

**Table 13** PolicyItemCondition
Parameter	Type	Description
type	String	Condition type.
values	Array of strings	Condition value.

**Table 14** PolicyItemRowFilterInfo
Parameter	Type	Description
filter_expr	String	Row filter expression.

**Table 15** ValiditySchedule
Parameter	Type	Description
end_time	String	End time.
recurrences	Array of ValidityRecurrence objects	Policy recursion.
start_time	String	Start time.
time_zone	String	Time zone.

**Table 16** ValidityRecurrence
Parameter	Type	Description
interval	ValidityInterval object	Interval.
schedule	RecurrenceSchedule object	Period.

**Table 17** ValidityInterval
Parameter	Type	Description
days	Integer	Days.
hours	Integer	Hours.
minutes	Integer	Minutes.

**Table 18** RecurrenceSchedule
Parameter	Type	Description
day_of_month	String	Date (by month).
day_of_week	String	Date (by week).
hour	String	Hour.
minute	String	Minute.
month	String	Month.
year	String	Year.

Status code: 400

**Table 19** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
solution_msg	String	Solution.

Status code: 404

**Table 20** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
solution_msg	String	Solution.

Status code: 500

**Table 21** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
solution_msg	String	Solution.

Example Requests

GET https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/policy

Example Responses

Status code: 200

{
  "policy_version" : 217,
  "policy_updateTime" : "1657788005000",
  "policies" : [ {
    "allow_exceptions" : [ ],
    "data_mask_policy_items" : [ ],
    "deny_exceptions" : [ ],
    "deny_policy_items" : [ {
      "accesses" : [ {
        "is_allowed" : true,
        "type" : "select"
      } ],
      "conditions" : [ {
        "type" : "ip-range",
        "values" : [ "*.*.*.*" ]
      } ],
      "delegate_admin" : false,
      "groups" : [ "groupD" ],
      "roles" : [ ],
      "users" : [ ]
    } ],
    "id" : 39,
    "is_audit_enabled" : true,
    "is_default_policy" : false,
    "is_deny_all_else" : false,
    "is_enabled" : true,
    "name" : "database_a.test.[**]-table_all_column",
    "options" : { },
    "policy_items" : [ {
      "accesses" : [ {
        "is_allowed" : true,
        "type" : "select"
      } ],
      "conditions" : [ ],
      "delegate_admin" : true,
      "groups" : [ "groupA" ],
      "roles" : [ ],
      "users" : [ ]
    }, {
      "accesses" : [ {
        "is_allowed" : true,
        "type" : "select"
      } ],
      "conditions" : [ ],
      "delegate_admin" : true,
      "groups" : [ "groupB" ],
      "roles" : [ ],
      "users" : [ ]
    } ],
    "policy_labels" : [ ],
    "policy_priority" : 0,
    "policy_type" : 0,
    "resources" : {
      "database" : {
        "is_excludes" : false,
        "is_recursive" : false,
        "values" : [ "database_a" ]
      },
      "column" : {
        "is_excludes" : false,
        "is_recursive" : false,
        "values" : [ "**" ]
      },
      "table" : {
        "is_excludes" : false,
        "is_recursive" : false,
        "values" : [ "test" ]
      }
    },
    "row_filter_policy_items" : [ ],
    "service" : "Hive",
    "service_type" : "hive",
    "validity_schedules" : [ ]
  } ]
}

Status code: 400

Bad Request

{
  "error_code" : "common.01000001",
  "error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException"
}

Status code: 401

Unauthorized

{
  "error_code": 'APIG.1002',
  "error_msg": 'Incorrect token or token resolution failed'
}

Status code: 403

Forbidden

{
  "error" : {
    "code" : "403",
    "message" : "X-Auth-Token is invalid in the request",
    "error_code" : null,
    "error_msg" : null,
    "title" : "Forbidden"
  },
  "error_code" : "403",
  "error_msg" : "X-Auth-Token is invalid in the request",
  "title" : "Forbidden"
}

Status code: 404

Not Found

{
  "error_code" : "common.01000001",
  "error_msg" : "response status exception, code: 404"
}

Status code: 408

Request Timeout

{
  "error_code" : "common.00000408",
  "error_msg" : "timeout exception occurred"
}

Status code: 500

Internal Server Error

{
  "error_code" : "common.00000500",
  "error_msg" : "internal error"
}

Status Codes

Status Code	Description
200	OK
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
408	Request Timeout
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Authorization Management

Previous topic: Granting Permissions in Batches

Next topic: Canceling Batch Authorization

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot