Obtaining Synchronization Permission Policies
Function
This API is used to obtain synchronization permission policies.
URI
GET /v1/{project_id}/instances/{instance_id}/policies/policy
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. For how to obtain the project ID, see Obtaining a Project ID (lakeformation_04_0026.xml). |
|
instance_id |
Yes |
String |
LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
last_known_version |
No |
Long |
Latest known version. |
|
supports_policy_deltas |
No |
Boolean |
Whether to support the incremental synchronization policy. The default value is false. |
|
is_return_policy_data |
No |
Boolean |
Whether to return permission policy data. The default value is true. |
|
catalog_name |
No |
String |
Catalog name. The value should contain 1 to 256 characters. Only letters, numbers, and underscores (_) are allowed. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
Array of strings |
Tenant token. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
policy_version |
Long |
Policy version. |
|
policy_updateTime |
String |
Policy update time. |
|
policies |
Array of Policy objects |
Permission policies. |
|
policy_deltas |
Array of PolicyDelta objects |
Incremental permission policies. |
|
Parameter |
Type |
Description |
|---|---|---|
|
allow_exceptions |
Array of PolicyItem objects |
Excluded allow rules. |
|
conditions |
Array of PolicyItemCondition objects |
Condition attributes. |
|
create_time |
String |
Creation time. |
|
created_by |
String |
Creator. |
|
data_mask_policy_items |
Array of DataMaskPolicyItem objects |
Class mask policy items. |
|
deny_exceptions |
Array of PolicyItem objects |
Deny exclusion policies. |
|
deny_policy_items |
Array of PolicyItem objects |
Deny policies. |
|
description |
String |
Description. |
|
guid |
String |
Unique GUID. |
|
id |
Long |
Primary key. |
|
is_audit_enabled |
Boolean |
Whether to enable auditing. |
|
is_default_policy |
Boolean |
Whether this policy is the default one. |
|
is_deny_all_else |
Boolean |
Whether to reject all. |
|
is_enabled |
Boolean |
Whether to enable it. |
|
name |
String |
Name. |
|
options |
Object |
Options. |
|
policy_items |
Array of PolicyItem objects |
Policy items. |
|
policy_labels |
Array of strings |
Policy labels. |
|
policy_priority |
Integer |
Policy priority. |
|
policy_type |
Integer |
Policy type. |
|
resource_signature |
String |
Resource signature. |
|
resources |
Map<String,PolicyResource> |
Resources. |
|
row_filter_policy_items |
Array of RowFilterPolicyItem objects |
Row-based filtering policy items. |
|
service |
String |
Service. |
|
service_type |
String |
Service type. |
|
update_time |
String |
Update time. |
|
updated_by |
String |
Updater. |
|
validity_schedules |
Array of ValiditySchedule objects |
Verification period. |
|
version |
Long |
Version. |
|
zone_name |
String |
Zone name. |
|
Parameter |
Type |
Description |
|---|---|---|
|
policy |
Policy object |
Policy information. |
|
change_type |
Integer |
Change type. |
|
Parameter |
Type |
Description |
|---|---|---|
|
accesses |
Array of PolicyItemAccess objects |
Access arrays. |
|
conditions |
Array of PolicyItemCondition objects |
Condition arrays. |
|
data_mask_info |
PolicyItemDataMaskInfo object |
Column mask policies. |
|
delegate_admin |
Boolean |
Whether to support delegation. |
|
groups |
Array of strings |
User groups. |
|
roles |
Array of strings |
Roles. |
|
users |
Array of strings |
Users. |
|
Parameter |
Type |
Description |
|---|---|---|
|
condition_expr |
String |
Condition expression. |
|
data_mask_type |
String |
Column mask type. |
|
value_expr |
String |
Column mask expression. |
|
Parameter |
Type |
Description |
|---|---|---|
|
accesses |
Array of PolicyItemAccess objects |
Access control data. |
|
conditions |
Array of PolicyItemCondition objects |
Conditions. |
|
delegate_admin |
Boolean |
Whether to support delegation. |
|
groups |
Array of strings |
Groups. |
|
roles |
Array of strings |
Roles. |
|
users |
Array of strings |
Users. |
|
Parameter |
Type |
Description |
|---|---|---|
|
is_excludes |
Boolean |
Whether to exclude it. |
|
is_recursive |
Boolean |
Whether to perform this operation recursively. |
|
values |
Array of strings |
Values. |
|
Parameter |
Type |
Description |
|---|---|---|
|
accesses |
Array of PolicyItemAccess objects |
Permissions. |
|
conditions |
Array of PolicyItemCondition objects |
Conditions. |
|
delegate_admin |
Boolean |
Whether to support delegation. |
|
groups |
Array of strings |
Groups. |
|
roles |
Array of strings |
Roles. |
|
row_filter_info |
PolicyItemRowFilterInfo object |
Row filtering. |
|
users |
Array of strings |
Users. |
|
Parameter |
Type |
Description |
|---|---|---|
|
is_allowed |
Boolean |
Whether to allow this operation. |
|
type |
String |
Type. |
|
Parameter |
Type |
Description |
|---|---|---|
|
type |
String |
Condition type. |
|
values |
Array of strings |
Condition value. |
|
Parameter |
Type |
Description |
|---|---|---|
|
filter_expr |
String |
Row filter expression. |
|
Parameter |
Type |
Description |
|---|---|---|
|
end_time |
String |
End time. |
|
recurrences |
Array of ValidityRecurrence objects |
Policy recursion. |
|
start_time |
String |
Start time. |
|
time_zone |
String |
Time zone. |
|
Parameter |
Type |
Description |
|---|---|---|
|
interval |
ValidityInterval object |
Interval. |
|
schedule |
RecurrenceSchedule object |
Period. |
|
Parameter |
Type |
Description |
|---|---|---|
|
days |
Integer |
Days. |
|
hours |
Integer |
Hours. |
|
minutes |
Integer |
Minutes. |
|
Parameter |
Type |
Description |
|---|---|---|
|
day_of_month |
String |
Date (by month). |
|
day_of_week |
String |
Date (by week). |
|
hour |
String |
Hour. |
|
minute |
String |
Minute. |
|
month |
String |
Month. |
|
year |
String |
Year. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Example Requests
GET https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/policy
Example Responses
Status code: 200
OK
{
"policy_version" : 217,
"policy_updateTime" : "1657788005000",
"policies" : [ {
"allow_exceptions" : [ ],
"data_mask_policy_items" : [ ],
"deny_exceptions" : [ ],
"deny_policy_items" : [ {
"accesses" : [ {
"is_allowed" : true,
"type" : "select"
} ],
"conditions" : [ {
"type" : "ip-range",
"values" : [ "*.*.*.*" ]
} ],
"delegate_admin" : false,
"groups" : [ "groupD" ],
"roles" : [ ],
"users" : [ ]
} ],
"id" : 39,
"is_audit_enabled" : true,
"is_default_policy" : false,
"is_deny_all_else" : false,
"is_enabled" : true,
"name" : "database_a.test.[**]-table_all_column",
"options" : { },
"policy_items" : [ {
"accesses" : [ {
"is_allowed" : true,
"type" : "select"
} ],
"conditions" : [ ],
"delegate_admin" : true,
"groups" : [ "groupA" ],
"roles" : [ ],
"users" : [ ]
}, {
"accesses" : [ {
"is_allowed" : true,
"type" : "select"
} ],
"conditions" : [ ],
"delegate_admin" : true,
"groups" : [ "groupB" ],
"roles" : [ ],
"users" : [ ]
} ],
"policy_labels" : [ ],
"policy_priority" : 0,
"policy_type" : 0,
"resources" : {
"database" : {
"is_excludes" : false,
"is_recursive" : false,
"values" : [ "database_a" ]
},
"column" : {
"is_excludes" : false,
"is_recursive" : false,
"values" : [ "**" ]
},
"table" : {
"is_excludes" : false,
"is_recursive" : false,
"values" : [ "test" ]
}
},
"row_filter_policy_items" : [ ],
"service" : "Hive",
"service_type" : "hive",
"validity_schedules" : [ ]
} ]
}
Status code: 400
Bad Request
{
"error_code" : "common.01000001",
"error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException"
}
Status code: 401
Unauthorized
{
"error_code": 'APIG.1002',
"error_msg": 'Incorrect token or token resolution failed'
}
Status code: 403
Forbidden
{
"error" : {
"code" : "403",
"message" : "X-Auth-Token is invalid in the request",
"error_code" : null,
"error_msg" : null,
"title" : "Forbidden"
},
"error_code" : "403",
"error_msg" : "X-Auth-Token is invalid in the request",
"title" : "Forbidden"
}
Status code: 404
Not Found
{
"error_code" : "common.01000001",
"error_msg" : "response status exception, code: 404"
}
Status code: 408
Request Timeout
{
"error_code" : "common.00000408",
"error_msg" : "timeout exception occurred"
}
Status code: 500
Internal Server Error
{
"error_code" : "common.00000500",
"error_msg" : "internal error"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
OK |
|
400 |
Bad Request |
|
401 |
Unauthorized |
|
403 |
Forbidden |
|
404 |
Not Found |
|
408 |
Request Timeout |
|
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
