policy list
List security policies using the CLI.
Syntax
- CLI
Use the following command to display the list of security policies. The command returns details only for the security policies that the user is allowed to view. For example, if there are 10 security policies in total but the user's administrative privileges allow viewing only 6 of them, the command returns the details of those 6 security policies. For the 4 remaining security policies, it returns just the name and ID fields:
/opt/mapr/bin/maprcli security policy list
    [ -cluster cluster-name ]
    [ -output terse|verbose. Default: verbose ]
    [ -start <start record number, starting from 0>. Default: 0 ]
    [ -limit <limit>. Default: 2147483647 ]
    [ -filter <filters>. Default: none ]
    [ -columns <comma-separated list of column names>. Default: all ]
    [ -sortby <sort field> ]
    [ -sortorder asc|desc ]
    [ -expandaces true|false. Default: false ]
- REST
Request Type: GET
Request URL: http[s]://<host>:<port>/rest/security/policy/list?<parameters>
Parameters
Parameter | Description
---|---
cluster | The cluster name on which to run the command. This parameter is optional. The local cluster is the default cluster.
output | Specifies whether the output should be terse or verbose. Default: verbose
start | Starting record to return. Default: 0
limit | Number of rows to return, beginning at start. Default: 2147483647
filter | A filter specifying the policies to display. The supported filters are as follows:
columns | A comma-separated list of fields to return in the query. See the When issuing
sortby | The field on which the results should be sorted. You can use either of the two long names or the shortname. Valid values are:
sortorder | The sort order. Valid values are asc and desc.
expandaces | Expand ACEs into their respective fields for display. Default: false
Examples
Example 1
A user without administrative privileges can only view the security policy name and ID. In the following example, there are 2 security policies, pci and hipaa. test1 is a user with a regular user ticket, but without administrative privileges. This user can only view the name and id fields of the security policies:
/opt/mapr/bin/maprcli security policy list -json
{
"timestamp":1548363754194,
"timeofday":"2019-01-24 01:02:34.194 GMT-0800 PM",
"status":"OK",
"total":2,
"data":[
{
"policyname":"pci",
"policyid":1
},
{
"policyname":"hipaa",
"policyid":2
}
]
}
curl -u mapr:mapr -X GET -k "https://host:8443/rest/security/policy/list"
{"timestamp":1548363754194,"timeofday":"2019-01-24 01:02:34.194 GMT-0800 PM","status":"OK","total":2,"data":[{"policyname":"pci","policyid":1},{"policyname":"hipaa","policyid":2}]}
Example 2
List the policies sorted by their name. You can use either of the two sortby long names, or the shortname, to sort the policies. In this example, the two policies are MILITARY and TOPSECRET. The policies are displayed in ascending order of their name.
/opt/mapr/bin/maprcli security policy list -sortby securitypolicyname -json
{
"timestamp":1554957377267,
"timeofday":"2019-04-10 09:36:17.267 GMT-0700 PM",
"status":"OK",
"total":2,
"data":[
{
"policyname":"MILITARY",
"policyid":2,
"mtime":"Tue Apr 09 06:07:54 PDT 2019",
"ctime":"Tue Apr 09 04:19:00 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Disarmed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":{
"Principal":"User root",
"Allowed actions":"[r, a, fc]"
},
"aces":{
"writeaces":"u:user7 | u:user10"
"unmaskedreaddbace":"u:user7"
}
},
{
"policyname":"TOPSECRET",
"policyid":1,
"mtime":"Mon Apr 08 22:33:52 PDT 2019",
"ctime":"Mon Apr 08 22:33:52 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Armed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":[
{
"Principal":"User user7",
"Allowed actions":"[r, a, fc]"
},
{
"Principal":"User user10",
"Allowed actions":"[a]"
}
]
}
]
}
Now use the other long name parameter to see if you get the same result:
/opt/mapr/bin/maprcli security policy list -sortby policyname -json
{
"timestamp":1554957411992,
"timeofday":"2019-04-10 09:36:51.992 GMT-0700 PM",
"status":"OK",
"total":2,
"data":[
{
"policyname":"MILITARY",
"policyid":2,
"mtime":"Tue Apr 09 06:07:54 PDT 2019",
"ctime":"Tue Apr 09 04:19:00 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Disarmed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":{
"Principal":"User root",
"Allowed actions":"[r, a, fc]"
},
"aces":{
"writeaces":"u:user7 | u:user10"
"unmaskedreaddbace":"u:user7"
}
},
{
"policyname":"TOPSECRET",
"policyid":1,
"mtime":"Mon Apr 08 22:33:52 PDT 2019",
"ctime":"Mon Apr 08 22:33:52 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Armed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":[
{
"Principal":"User user7",
"Allowed actions":"[r, a, fc]"
},
{
"Principal":"User user10",
"Allowed actions":"[a]"
}
]
}
]
}
Finally, use the shortname to check if you get the same result:
/opt/mapr/bin/maprcli security policy list -sortby n -json
{
"timestamp":1554957425876,
"timeofday":"2019-04-10 09:37:05.876 GMT-0700 PM",
"status":"OK",
"total":2,
"data":[
{
"policyname":"MILITARY",
"policyid":2,
"mtime":"Tue Apr 09 06:07:54 PDT 2019",
"ctime":"Tue Apr 09 04:19:00 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Disarmed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":{
"Principal":"User root",
"Allowed actions":"[r, a, fc]"
},
"aces":{
"writeaces":"u:user7 | u:user10"
"unmaskedreaddbace":"u:user7"
}
},
{
"policyname":"TOPSECRET",
"policyid":1,
"mtime":"Mon Apr 08 22:33:52 PDT 2019",
"ctime":"Mon Apr 08 22:33:52 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Armed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":[
{
"Principal":"User user7",
"Allowed actions":"[r, a, fc]"
},
{
"Principal":"User user10",
"Allowed actions":"[a]"
}
]
}
]
}
curl -u mapr:mapr -X GET -k "https://host:8443/rest/security/policy/list?&sortby=securitypolicyname"
{"timestamp":1554958689389,"timeofday":"2019-04-10 09:58:09.389 GMT-0700 PM","status":"OK","total":2,"data":[{"policyname":"MILITARY","policyid":2,"mtime":"Tue Apr 09 06:07:54 PDT 2019","ctime":"Tue Apr 09 04:19:00 PDT 2019","wiresecurity":"1","audited":"0","allowtagging":"1","accesscontrol":"Disarmed","enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent","disableddataauditoperations":"","acl":{"Principal":"User root","Allowed actions":"[r, a, fc]"},"aces":{"writeaces":"u:user7 | u:user10"},{"unmaskedreaddbace":"u:user7"},{"policyname":"TOPSECRET","policyid":1,"mtime":"Mon Apr 08 22:33:52 PDT 2019","ctime":"Mon Apr 08 22:33:52 PDT 2019","wiresecurity":"1","audited":"0","allowtagging":"1","accesscontrol":"Armed","enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent","disableddataauditoperations":"","acl":[{"Principal":"User user7","Allowed actions":"[r, a, fc]"},{"Principal":"User user10","Allowed actions":"[a]"}]}]}
Example 3
Display just the name of the policy and the access control state.
/opt/mapr/bin/maprcli security policy list -columns "policyname,accesscontrol"
accesscontrol policyname
Armed TOPSECRET
Disarmed MILITARY
curl -u mapr:mapr -X GET -k "https://host:8443/rest/security/policy/list?&sortby=securitypolicyname&columns=policyname,accesscontrol"
{"timestamp":1554959313985,"timeofday":"2019-04-10 10:08:33.985 GMT-0700 PM","status":"OK","total":2,"data":[{"policyname":"MILITARY","accesscontrol":"Disarmed"},{"policyname":"TOPSECRET","accesscontrol":"Armed"}]}
Example 4
Use a filter to search for matching policies:
/opt/mapr/bin/maprcli security policy list -filter \[n=="TOP*"\] -json
{
"timestamp":1554963795805,
"timeofday":"2019-04-10 11:23:15.805 GMT-0700 PM",
"status":"OK",
"total":1,
"data":[
{
"policyname":"TOPSECRET",
"policyid":1,
"mtime":"Mon Apr 08 22:33:52 PDT 2019",
"ctime":"Mon Apr 08 22:33:52 PDT 2019",
"wiresecurity":"1",
"audited":"0",
"allowtagging":"1",
"accesscontrol":"Armed",
"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
"disableddataauditoperations":"",
"acl":[
{
"Principal":"User user7",
"Allowed actions":"[r, a, fc]"
},
{
"Principal":"User user10",
"Allowed actions":"[a]"
}
]
}
]
}
curl -u mapr:mapr -X GET -k "https://host:8443/rest/security/policy/list?&filter=%5Bn%3D%3DTOP*%5D"
{"timestamp":1554977760323,"timeofday":"2019-04-11 03:16:00.323 GMT-0700 AM","status":"OK","total":1,"data":[{"policyname":"TOPSECRET","policyid":1,"mtime":"Mon Apr 08 22:33:52 PDT 2019","ctime":"Mon Apr 08 22:33:52 PDT 2019","wiresecurity":"1","audited":"0","allowtagging":"1","accesscontrol":"Armed","enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent","disableddataauditoperations":"","acl":[{"Principal":"User user7","Allowed actions":"[r, a, fc]"},{"Principal":"User user10","Allowed actions":"[a]"}]}]}
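Added example, not part of the original documentation: a Python check over the -json output shown in the examples above. It separates policies returned with only name and ID (the restricted view of Example 1) from policies returned in full, and lists settings that differ from a baseline. The sample data is constructed, and the baseline values and the function name review_policies are assumptions of this example.

```python
import json

# Constructed sample, shaped like the `-json` output in the examples on this page.
SAMPLE = """
{"status": "OK", "total": 3, "data": [
  {"policyname": "MILITARY", "policyid": 2, "wiresecurity": "1",
   "audited": "0", "accesscontrol": "Disarmed"},
  {"policyname": "TOPSECRET", "policyid": 1, "wiresecurity": "1",
   "audited": "1", "accesscontrol": "Armed"},
  {"policyname": "pci", "policyid": 3}
]}
"""

# Assumption of this example: the values a reviewer expects to see per field.
EXPECTED = {"accesscontrol": "Armed", "audited": "1", "wiresecurity": "1"}


def review_policies(raw):
    """Return (findings, name_only) for one policy-list JSON document."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError(f"policy list returned status {doc.get('status')!r}")
    findings, name_only = [], []
    for policy in doc.get("data", []):
        name = policy.get("policyname", f"id={policy.get('policyid')}")
        # Only name and ID came back: the caller may not view this policy
        # (Example 1), or -columns removed the detail fields. Report it as
        # unreviewed so it is never mistaken for a clean result.
        if not any(field in policy for field in EXPECTED):
            name_only.append(name)
            continue
        for field, wanted in EXPECTED.items():
            if field in policy and str(policy[field]) != wanted:
                findings.append((name, f"{field}={policy[field]}"))
    return findings, name_only


if __name__ == "__main__":
    findings, name_only = review_policies(SAMPLE)
    for name, detail in findings:
        print(f"REVIEW     {name}: {detail}")
    for name in name_only:
        print(f"NO-DETAIL  {name}: only name and ID visible to this user")
```

Run it with the ticket of the account doing the review: a policy listed as NO-DETAIL has not been checked at all, so it needs a second pass from an account that is allowed to view it.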