0
# Policy Models
1
2
Rich domain models representing policies, service definitions, roles, and other security constructs with full serialization support. These model classes form the core data structures for defining and managing security policies in Apache Ranger.
3
4
## Capabilities
5
6
### RangerBaseModelObject
7
8
Abstract base class providing common functionality for all Ranger model objects, including identity management, auditing fields, and serialization support.
9
10
```java { .api }
11
/**
12
* Abstract base class for all Ranger model objects
13
*/
14
public abstract class RangerBaseModelObject implements java.io.Serializable {
15
/**
16
* Get the unique identifier for this object
17
* @return Unique ID
18
*/
19
public Long getId();
20
21
/**
22
* Set the unique identifier for this object
23
* @param id - Unique ID
24
*/
25
public void setId(Long id);
26
27
/**
28
* Get the globally unique identifier (GUID) for this object
29
* @return GUID string
30
*/
31
public String getGuid();
32
33
/**
34
* Set the globally unique identifier (GUID) for this object
35
* @param guid - GUID string
36
*/
37
public void setGuid(String guid);
38
39
/**
40
* Get the creation timestamp
41
* @return Creation date and time
42
*/
43
public Date getCreateTime();
44
45
/**
46
* Set the creation timestamp
47
* @param createTime - Creation date and time
48
*/
49
public void setCreateTime(Date createTime);
50
51
/**
52
* Get the last update timestamp
53
* @return Update date and time
54
*/
55
public Date getUpdateTime();
56
57
/**
58
* Set the last update timestamp
59
* @param updateTime - Update date and time
60
*/
61
public void setUpdateTime(Date updateTime);
62
63
/**
64
* Get the user who created this object
65
* @return Creator username
66
*/
67
public String getCreatedBy();
68
69
/**
70
* Set the user who created this object
71
* @param createdBy - Creator username
72
*/
73
public void setCreatedBy(String createdBy);
74
75
/**
76
* Get the user who last updated this object
77
* @return Updater username
78
*/
79
public String getUpdatedBy();
80
81
/**
82
* Set the user who last updated this object
83
* @param updatedBy - Updater username
84
*/
85
public void setUpdatedBy(String updatedBy);
86
87
/**
88
* Get the version number for optimistic locking
89
* @return Version number
90
*/
91
public Long getVersion();
92
93
/**
94
* Set the version number for optimistic locking
95
* @param version - Version number
96
*/
97
public void setVersion(Long version);
98
}
99
```
100
101
### RangerPolicy
102
103
Represents a security policy defining access control, data masking, or row filtering rules for specific resources.
104
105
```java { .api }
106
/**
107
* Represents a Ranger security policy
108
*/
109
public class RangerPolicy extends RangerBaseModelObject {
110
/**
111
* Access control policy type
112
*/
113
public static final int POLICY_TYPE_ACCESS = 0;
114
115
/**
116
* Data masking policy type
117
*/
118
public static final int POLICY_TYPE_DATAMASK = 1;
119
120
/**
121
* Row filtering policy type
122
*/
123
public static final int POLICY_TYPE_ROWFILTER = 2;
124
125
/**
126
* Audit policy type
127
*/
128
public static final int POLICY_TYPE_AUDIT = 3;
129
130
/**
131
* Normal policy priority
132
*/
133
public static final int POLICY_PRIORITY_NORMAL = 0;
134
135
/**
136
* Override policy priority (higher precedence)
137
*/
138
public static final int POLICY_PRIORITY_OVERRIDE = 1;
139
140
/**
141
* Null masking type - replaces value with NULL
142
*/
143
public static final String MASK_TYPE_NULL = "MASK_NULL";
144
145
/**
146
* No masking type - returns original value
147
*/
148
public static final String MASK_TYPE_NONE = "MASK_NONE";
149
150
/**
151
* Custom masking type - uses custom expression
152
*/
153
public static final String MASK_TYPE_CUSTOM = "CUSTOM";
154
155
/**
156
* Get the service name this policy belongs to
157
* @return Service name
158
*/
159
public String getService();
160
161
/**
162
* Set the service name this policy belongs to
163
* @param service - Service name
164
*/
165
public void setService(String service);
166
167
/**
168
* Get the policy name
169
* @return Policy name
170
*/
171
public String getName();
172
173
/**
174
* Set the policy name
175
* @param name - Policy name
176
*/
177
public void setName(String name);
178
179
/**
180
* Get the policy type (access, datamask, rowfilter, audit)
181
* @return Policy type constant
182
*/
183
public Integer getPolicyType();
184
185
/**
186
* Set the policy type (access, datamask, rowfilter, audit)
187
* @param policyType - Policy type constant
188
*/
189
public void setPolicyType(Integer policyType);
190
191
/**
192
* Get the policy priority (normal or override)
193
* @return Policy priority constant
194
*/
195
public Integer getPolicyPriority();
196
197
/**
198
* Set the policy priority (normal or override)
199
* @param policyPriority - Policy priority constant
200
*/
201
public void setPolicyPriority(Integer policyPriority);
202
203
/**
204
* Get the policy description
205
* @return Description text
206
*/
207
public String getDescription();
208
209
/**
210
* Set the policy description
211
* @param description - Description text
212
*/
213
public void setDescription(String description);
214
215
/**
216
* Check if auditing is enabled for this policy
217
* @return True if auditing enabled
218
*/
219
public Boolean getIsAuditEnabled();
220
221
/**
222
* Enable or disable auditing for this policy
223
* @param isAuditEnabled - True to enable auditing
224
*/
225
public void setIsAuditEnabled(Boolean isAuditEnabled);
226
227
/**
228
* Check if this policy is enabled
229
* @return True if policy is enabled
230
*/
231
public Boolean getIsEnabled();
232
233
/**
234
* Enable or disable this policy
235
* @param isEnabled - True to enable policy
236
*/
237
public void setIsEnabled(Boolean isEnabled);
238
239
/**
240
* Get the resources this policy applies to
241
* @return Map of resource name to resource definition
242
*/
243
public Map<String, RangerPolicyResource> getResources();
244
245
/**
246
* Set the resources this policy applies to
247
* @param resources - Map of resource name to resource definition
248
*/
249
public void setResources(Map<String, RangerPolicyResource> resources);
250
251
/**
252
* Get the policy items (allow rules)
253
* @return List of policy items
254
*/
255
public List<RangerPolicyItem> getPolicyItems();
256
257
/**
258
* Set the policy items (allow rules)
259
* @param policyItems - List of policy items
260
*/
261
public void setPolicyItems(List<RangerPolicyItem> policyItems);
262
263
/**
264
* Get the deny policy items (explicit deny rules)
265
* @return List of deny policy items
266
*/
267
public List<RangerPolicyItem> getDenyPolicyItems();
268
269
/**
270
* Set the deny policy items (explicit deny rules)
271
* @param denyPolicyItems - List of deny policy items
272
*/
273
public void setDenyPolicyItems(List<RangerPolicyItem> denyPolicyItems);
274
275
/**
276
* Get the allow exceptions (exceptions to deny rules)
277
* @return List of allow exception items
278
*/
279
public List<RangerPolicyItem> getAllowExceptions();
280
281
/**
282
* Set the allow exceptions (exceptions to deny rules)
283
* @param allowExceptions - List of allow exception items
284
*/
285
public void setAllowExceptions(List<RangerPolicyItem> allowExceptions);
286
287
/**
288
* Get the deny exceptions (exceptions to allow rules)
289
* @return List of deny exception items
290
*/
291
public List<RangerPolicyItem> getDenyExceptions();
292
293
/**
294
* Set the deny exceptions (exceptions to allow rules)
295
* @param denyExceptions - List of deny exception items
296
*/
297
public void setDenyExceptions(List<RangerPolicyItem> denyExceptions);
298
299
/**
300
* Get data masking policy items
301
* @return List of data masking items
302
*/
303
public List<RangerDataMaskPolicyItem> getDataMaskPolicyItems();
304
305
/**
306
* Set data masking policy items
307
* @param dataMaskPolicyItems - List of data masking items
308
*/
309
public void setDataMaskPolicyItems(List<RangerDataMaskPolicyItem> dataMaskPolicyItems);
310
311
/**
312
* Get row filtering policy items
313
* @return List of row filtering items
314
*/
315
public List<RangerRowFilterPolicyItem> getRowFilterPolicyItems();
316
317
/**
318
* Set row filtering policy items
319
* @param rowFilterPolicyItems - List of row filtering items
320
*/
321
public void setRowFilterPolicyItems(List<RangerRowFilterPolicyItem> rowFilterPolicyItems);
322
}
323
```
324
325
### RangerServiceDef
326
327
Defines the structure, capabilities, and configuration schema for a service type (e.g., HDFS, Hive, HBase).
328
329
```java { .api }
330
/**
331
* Defines the structure and capabilities of a service type
332
*/
333
public class RangerServiceDef extends RangerBaseModelObject {
334
/**
335
* Get the service type name
336
* @return Service type name (e.g., "hdfs", "hive")
337
*/
338
public String getName();
339
340
/**
341
* Set the service type name
342
* @param name - Service type name
343
*/
344
public void setName(String name);
345
346
/**
347
* Get the display name for UI
348
* @return Display name
349
*/
350
public String getDisplayName();
351
352
/**
353
* Set the display name for UI
354
* @param displayName - Display name
355
*/
356
public void setDisplayName(String displayName);
357
358
/**
359
* Get the implementation class name
360
* @return Fully qualified class name
361
*/
362
public String getImplClass();
363
364
/**
365
* Set the implementation class name
366
* @param implClass - Fully qualified class name
367
*/
368
public void setImplClass(String implClass);
369
370
/**
371
* Get the service label
372
* @return Service label
373
*/
374
public String getLabel();
375
376
/**
377
* Set the service label
378
* @param label - Service label
379
*/
380
public void setLabel(String label);
381
382
/**
383
* Get the service description
384
* @return Description text
385
*/
386
public String getDescription();
387
388
/**
389
* Set the service description
390
* @param description - Description text
391
*/
392
public void setDescription(String description);
393
394
/**
395
* Get service-wide options
396
* @return Map of option names to values
397
*/
398
public Map<String, String> getOptions();
399
400
/**
401
* Set service-wide options
402
* @param options - Map of option names to values
403
*/
404
public void setOptions(Map<String, String> options);
405
406
/**
407
* Get configuration definitions for this service type
408
* @return List of configuration definitions
409
*/
410
public List<RangerServiceConfigDef> getConfigs();
411
412
/**
413
* Set configuration definitions for this service type
414
* @param configs - List of configuration definitions
415
*/
416
public void setConfigs(List<RangerServiceConfigDef> configs);
417
418
/**
419
* Get resource definitions for this service type
420
* @return List of resource definitions
421
*/
422
public List<RangerResourceDef> getResources();
423
424
/**
425
* Set resource definitions for this service type
426
* @param resources - List of resource definitions
427
*/
428
public void setResources(List<RangerResourceDef> resources);
429
430
/**
431
* Get access type definitions for this service type
432
* @return List of access type definitions
433
*/
434
public List<RangerAccessTypeDef> getAccessTypes();
435
436
/**
437
* Set access type definitions for this service type
438
* @param accessTypes - List of access type definitions
439
*/
440
public void setAccessTypes(List<RangerAccessTypeDef> accessTypes);
441
442
/**
443
* Get policy condition definitions
444
* @return List of policy condition definitions
445
*/
446
public List<RangerPolicyConditionDef> getPolicyConditions();
447
448
/**
449
* Set policy condition definitions
450
* @param policyConditions - List of policy condition definitions
451
*/
452
public void setPolicyConditions(List<RangerPolicyConditionDef> policyConditions);
453
454
/**
455
* Get context enricher definitions
456
* @return List of context enricher definitions
457
*/
458
public List<RangerContextEnricherDef> getContextEnrichers();
459
460
/**
461
* Set context enricher definitions
462
* @param contextEnrichers - List of context enricher definitions
463
*/
464
public void setContextEnrichers(List<RangerContextEnricherDef> contextEnrichers);
465
}
466
```
467
468
### RangerRole
469
470
Represents a role that can be assigned to users and groups to provide organized permission management.
471
472
```java { .api }
473
/**
474
* Represents a role for organizing permissions
475
*/
476
public class RangerRole extends RangerBaseModelObject {
477
/**
478
* Get the role name
479
* @return Role name
480
*/
481
public String getName();
482
483
/**
484
* Set the role name
485
* @param name - Role name
486
*/
487
public void setName(String name);
488
489
/**
490
* Get the role description
491
* @return Description text
492
*/
493
public String getDescription();
494
495
/**
496
* Set the role description
497
* @param description - Description text
498
*/
499
public void setDescription(String description);
500
501
/**
502
* Get users assigned to this role
503
* @return List of role members (users)
504
*/
505
public List<RangerRoleMember> getUsers();
506
507
/**
508
* Set users assigned to this role
509
* @param users - List of role members (users)
510
*/
511
public void setUsers(List<RangerRoleMember> users);
512
513
/**
514
* Get groups assigned to this role
515
* @return List of role members (groups)
516
*/
517
public List<RangerRoleMember> getGroups();
518
519
/**
520
* Set groups assigned to this role
521
* @param groups - List of role members (groups)
522
*/
523
public void setGroups(List<RangerRoleMember> groups);
524
525
/**
526
* Get roles assigned to this role (role hierarchy)
527
* @return List of role members (roles)
528
*/
529
public List<RangerRoleMember> getRoles();
530
531
/**
532
* Set roles assigned to this role (role hierarchy)
533
* @param roles - List of role members (roles)
534
*/
535
public void setRoles(List<RangerRoleMember> roles);
536
537
/**
538
* Check if this role is enabled
539
* @return True if role is enabled
540
*/
541
public Boolean getIsEnabled();
542
543
/**
544
* Enable or disable this role
545
* @param isEnabled - True to enable role
546
*/
547
public void setIsEnabled(Boolean isEnabled);
548
}
549
```
550
551
### RangerTag
552
553
Represents a tag that can be associated with resources for attribute-based access control.
554
555
```java { .api }
556
/**
557
* Represents a tag for attribute-based access control
558
*/
559
public class RangerTag extends RangerBaseModelObject {
560
/**
561
* Get the tag name/value
562
* @return Tag name
563
*/
564
public String getType();
565
566
/**
567
* Set the tag name/value
568
* @param type - Tag name
569
*/
570
public void setType(String type);
571
572
/**
573
* Get tag attributes
574
* @return Map of attribute names to values
575
*/
576
public Map<String, String> getAttributes();
577
578
/**
579
* Set tag attributes
580
* @param attributes - Map of attribute names to values
581
*/
582
public void setAttributes(Map<String, String> attributes);
583
584
/**
585
* Get the resource associated with this tag
586
* @return Resource GUID
587
*/
588
public String getResourceGuid();
589
590
/**
591
* Set the resource associated with this tag
592
* @param resourceGuid - Resource GUID
593
*/
594
public void setResourceGuid(String resourceGuid);
595
596
/**
597
* Get tag options
598
* @return Map of option names to values
599
*/
600
public Map<String, String> getOptions();
601
602
/**
603
* Set tag options
604
* @param options - Map of option names to values
605
*/
606
public void setOptions(Map<String, String> options);
607
}
608
```
609
610
### RangerSecurityZone
611
612
Represents a security zone that groups related resources for administrative purposes.
613
614
```java { .api }
615
/**
616
* Represents a security zone for grouping resources
617
*/
618
public class RangerSecurityZone extends RangerBaseModelObject {
619
/**
620
* Get the security zone name
621
* @return Zone name
622
*/
623
public String getName();
624
625
/**
626
* Set the security zone name
627
* @param name - Zone name
628
*/
629
public void setName(String name);
630
631
/**
632
* Get the zone description
633
* @return Description text
634
*/
635
public String getDescription();
636
637
/**
638
* Set the zone description
639
* @param description - Description text
640
*/
641
public void setDescription(String description);
642
643
/**
644
* Get services and their resources in this zone
645
* @return Map of service names to service resources
646
*/
647
public Map<String, RangerSecurityZoneService> getServices();
648
649
/**
650
* Set services and their resources in this zone
651
* @param services - Map of service names to service resources
652
*/
653
public void setServices(Map<String, RangerSecurityZoneService> services);
654
655
/**
656
* Get zone administrators (users)
657
* @return List of admin users
658
*/
659
public List<String> getAdminUsers();
660
661
/**
662
* Set zone administrators (users)
663
* @param adminUsers - List of admin users
664
*/
665
public void setAdminUsers(List<String> adminUsers);
666
667
/**
668
* Get zone administrators (groups)
669
* @return List of admin groups
670
*/
671
public List<String> getAdminUserGroups();
672
673
/**
674
* Set zone administrators (groups)
675
* @param adminUserGroups - List of admin groups
676
*/
677
public void setAdminUserGroups(List<String> adminUserGroups);
678
679
/**
680
* Get zone auditors (users)
681
* @return List of auditor users
682
*/
683
public List<String> getAuditUsers();
684
685
/**
686
* Set zone auditors (users)
687
* @param auditUsers - List of auditor users
688
*/
689
public void setAuditUsers(List<String> auditUsers);
690
691
/**
692
* Get zone auditors (groups)
693
* @return List of auditor groups
694
*/
695
public List<String> getAuditUserGroups();
696
697
/**
698
* Set zone auditors (groups)
699
* @param auditUserGroups - List of auditor groups
700
*/
701
public void setAuditUserGroups(List<String> auditUserGroups);
702
}
703
```
704
705
### RangerService
706
707
Represents an instance of a service (e.g., a specific HDFS cluster, Hive instance).
708
709
```java { .api }
710
/**
711
* Represents an instance of a service
712
*/
713
public class RangerService extends RangerBaseModelObject {
714
/**
715
* Get the service name
716
* @return Service name
717
*/
718
public String getName();
719
720
/**
721
* Set the service name
722
* @param name - Service name
723
*/
724
public void setName(String name);
725
726
/**
727
* Get the service display name
728
* @return Display name
729
*/
730
public String getDisplayName();
731
732
/**
733
* Set the service display name
734
* @param displayName - Display name
735
*/
736
public void setDisplayName(String displayName);
737
738
/**
739
* Get the service type
740
* @return Service type (matches RangerServiceDef name)
741
*/
742
public String getType();
743
744
/**
745
* Set the service type
746
* @param type - Service type (matches RangerServiceDef name)
747
*/
748
public void setType(String type);
749
750
/**
751
* Get the service description
752
* @return Description text
753
*/
754
public String getDescription();
755
756
/**
757
* Set the service description
758
* @param description - Description text
759
*/
760
public void setDescription(String description);
761
762
/**
763
* Get service configuration
764
* @return Map of configuration names to values
765
*/
766
public Map<String, String> getConfigs();
767
768
/**
769
* Set service configuration
770
* @param configs - Map of configuration names to values
771
*/
772
public void setConfigs(Map<String, String> configs);
773
774
/**
775
* Check if this service is enabled
776
* @return True if service is enabled
777
*/
778
public Boolean getIsEnabled();
779
780
/**
781
* Enable or disable this service
782
* @param isEnabled - True to enable service
783
*/
784
public void setIsEnabled(Boolean isEnabled);
785
786
/**
787
* Get tag service name (for tag-based policies)
788
* @return Tag service name
789
*/
790
public String getTagService();
791
792
/**
793
* Set tag service name (for tag-based policies)
794
* @param tagService - Tag service name
795
*/
796
public void setTagService(String tagService);
797
}
798
```
799
800
**Usage Examples:**
801
802
```java
803
import org.apache.ranger.plugin.model.*;
804
import java.util.*;
805
806
// Create a new policy
807
RangerPolicy policy = new RangerPolicy();
808
policy.setName("hdfs-read-policy");
809
policy.setService("hadoop-cluster1");
810
policy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS);
811
policy.setPolicyPriority(RangerPolicy.POLICY_PRIORITY_NORMAL);
812
policy.setDescription("Allow users to read files in /user directory");
813
policy.setIsEnabled(true);
814
policy.setIsAuditEnabled(true);
815
816
// Define resources
817
Map<String, RangerPolicyResource> resources = new HashMap<>();
818
RangerPolicyResource pathResource = new RangerPolicyResource();
819
pathResource.setValues(Arrays.asList("/user/*"));
820
pathResource.setIsExcludes(false);
821
pathResource.setIsRecursive(true);
822
resources.put("path", pathResource);
823
policy.setResources(resources);
824
825
// Define policy items (allow rules)
826
List<RangerPolicyItem> policyItems = new ArrayList<>();
827
RangerPolicyItem item = new RangerPolicyItem();
828
item.setUsers(Arrays.asList("alice", "bob"));
829
item.setGroups(Arrays.asList("users"));
830
item.setRoles(Arrays.asList("data-reader"));
831
item.setAccessTypes(Arrays.asList("read"));
832
item.setDelegateAdmin(false);
833
policyItems.add(item);
834
policy.setPolicyItems(policyItems);
835
836
// Create a service definition
837
RangerServiceDef serviceDef = new RangerServiceDef();
838
serviceDef.setName("hdfs");
839
serviceDef.setDisplayName("Hadoop Distributed File System");
840
serviceDef.setImplClass("org.apache.ranger.services.hdfs.RangerServiceHdfs");
841
serviceDef.setDescription("HDFS Repository");
842
843
// Define resources for the service type
844
List<RangerResourceDef> resourceDefs = new ArrayList<>();
845
RangerResourceDef pathDef = new RangerResourceDef();
846
pathDef.setName("path");
847
pathDef.setType("path");
848
pathDef.setLevel(1);
849
pathDef.setMandatory(true);
850
pathDef.setLookupSupported(true);
851
pathDef.setRecursiveSupported(true);
852
pathDef.setExcludesSupported(true);
853
pathDef.setMatcher("org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher");
854
pathDef.setMatcherOptions(new HashMap<>());
855
resourceDefs.add(pathDef);
856
serviceDef.setResources(resourceDefs);
857
858
// Define access types for the service
859
List<RangerAccessTypeDef> accessTypes = new ArrayList<>();
860
RangerAccessTypeDef readAccess = new RangerAccessTypeDef();
861
readAccess.setName("read");
862
readAccess.setLabel("Read");
863
readAccess.setImpliedGrants(Arrays.asList());
864
accessTypes.add(readAccess);
865
866
RangerAccessTypeDef writeAccess = new RangerAccessTypeDef();
867
writeAccess.setName("write");
868
writeAccess.setLabel("Write");
869
writeAccess.setImpliedGrants(Arrays.asList("read"));
870
accessTypes.add(writeAccess);
871
872
serviceDef.setAccessTypes(accessTypes);
873
874
// Create a role
875
RangerRole role = new RangerRole();
876
role.setName("data-analyst");
877
role.setDescription("Role for data analysts");
878
role.setIsEnabled(true);
879
880
List<RangerRoleMember> users = new ArrayList<>();
881
RangerRoleMember userMember = new RangerRoleMember();
882
userMember.setName("alice");
883
userMember.setIsAdmin(false);
884
users.add(userMember);
885
role.setUsers(users);
886
887
List<RangerRoleMember> groups = new ArrayList<>();
888
RangerRoleMember groupMember = new RangerRoleMember();
889
groupMember.setName("analysts");
890
groupMember.setIsAdmin(false);
891
groups.add(groupMember);
892
role.setGroups(groups);
893
894
// Create a tag
895
RangerTag tag = new RangerTag();
896
tag.setType("PII");
897
Map<String, String> attributes = new HashMap<>();
898
attributes.put("level", "high");
899
attributes.put("category", "personal");
900
tag.setAttributes(attributes);
901
902
// Create a service instance
903
RangerService service = new RangerService();
904
service.setName("hadoop-cluster1");
905
service.setDisplayName("Production Hadoop Cluster");
906
service.setType("hdfs");
907
service.setDescription("Production HDFS service");
908
service.setIsEnabled(true);
909
910
Map<String, String> serviceConfigs = new HashMap<>();
911
serviceConfigs.put("username", "ranger");
912
serviceConfigs.put("password", "ranger123");
913
serviceConfigs.put("fs.default.name", "hdfs://namenode:8020");
914
service.setConfigs(serviceConfigs);
915
916
System.out.println("Created policy: " + policy.getName() + " for service: " + policy.getService());
917
System.out.println("Service definition: " + serviceDef.getName() + " supports " +
918
serviceDef.getAccessTypes().size() + " access types");
919
System.out.println("Role " + role.getName() + " has " + role.getUsers().size() + " users");
920
```
921
922
## Model Hierarchies and Relationships
923
924
### Policy Item Hierarchy
925
926
Policy items define the actual permissions within policies:
927
928
- **RangerPolicyItem**: Base policy item for allow rules
929
- **RangerDataMaskPolicyItem**: Extended item for data masking policies with mask information
930
- **RangerRowFilterPolicyItem**: Extended item for row filtering policies with filter expressions
931
932
### Service Definition Components
933
934
Service definitions are composed of several definition classes:
935
936
- **RangerResourceDef**: Defines a resource type (e.g., "path", "database", "table")
937
- **RangerAccessTypeDef**: Defines an access type (e.g., "read", "write", "admin")
938
- **RangerPolicyConditionDef**: Defines a policy condition evaluator
939
- **RangerContextEnricherDef**: Defines a context enricher
940
- **RangerServiceConfigDef**: Defines a configuration parameter
941
942
### Model Validation
943
944
All model objects support validation through:
945
946
- **Required field validation**: Ensures mandatory fields are set
947
- **Cross-reference validation**: Validates relationships between objects
948
- **Business rule validation**: Enforces domain-specific rules
949
- **Format validation**: Validates field formats (e.g., names, patterns)
950
951
## Serialization Support
952
953
All model classes provide comprehensive serialization support:
954
955
- **JSON serialization**: Via Jackson annotations for REST APIs
956
- **Java serialization**: Via `Serializable` interface for caching and persistence
957
- **XML serialization**: For configuration export/import
958
- **Version compatibility**: Backward-compatible serialization handling
959
960
## Thread Safety
961
962
Model objects have specific thread safety characteristics:
963
964
- **Immutable after creation**: Models should be treated as immutable once populated
965
- **Builder pattern support**: Use builders or setters only during construction
966
- **Copy constructors**: Available for creating defensive copies
967
- **Thread-safe collections**: Use concurrent collections for multi-threaded access