policy list

List security policies using the CLI.

Syntax

CLI

Use the following command to display the list of security policies. This command returns just the list of security policies that the user is allowed to view. Therefore, if there are a total of 10 security policies, but the administrative privileges only allow the user to view 6 of them, then this command returns the details of the 6 security policies.

For the 4 remaining security policies, this command returns just the name and ID fields:

/opt/mapr/bin/maprcli security policy list
  [ -cluster cluster-name]
  [ -output terse|verbose. Default: verbose]
  [ -start <start record number, starting from 0>. Default: 0 ]
  [ -limit <limit>. Default: 2147483647 ]
  [ -filter <filters>. Default: none ]
  [ -columns <comma-separated list of column names>. Default: all ]
  [ -sortby <sort field> ]
  [ -sortorder asc|desc ]
  [ -expandaces true|false. Default: false ]
              
REST
Request Type GET
Request URL
http[s]://<host>:<port>/rest/security/policy/list?<parameters>

Parameters

Parameter

Description

cluster The cluster name on which to run the command. This parameter is optional. The local cluster is the default cluster.
output

Specifies whether the output should be terse or verbose.

Default: verbose

start

Starting record to return.

Default: 0

limit

Number of rows to return, beginning at start.

Default: 2147483647 (231 – 1)

filter

A filter specifying the policies to display. The supported filters are as follows:

Abbreviated Name Filter Name Description
n policyname Name
id policyid Policy ID
ct ctime Creation time
mt mtime Modification time
ea audited Audit enabled
ws wiresecurity Wire security enabled
at allowtagging Allow tagging
ac accesscontrol Access control

columns

A comma-separated list of fields to return in the query. See the parameters for the list of column names.

When issuing maprcli security policy info -columns and maprcli security policy list -columns commands, the column for the policy name is name.

sortby

The field on which the results should be sorted. You can use either of the two long names or the shortname. Valid values are:

Long Name Short Name Description
policyname/securitypolicyname n Name
policyid/securitypolicyid id Policy ID
ctime/securitypolicyctime ct Creation time
mtime/securitypolicymtime mt Modification time
audited/securitypolicyauditdataaccess ea Audit enabled
wiresecurity/securitypolicywiresecurityenabled ws Wire encryption enabled
allowtagging/securitypolicyallowtagging at Allow tagging
accesscontrol/securitypolicyaccesscontrol ac Access control flag

sortorder

The sort order. Valid values are asc (ascending) or desc (descending).

expandaces

Expand ACEs into their respective fields for display.

Default: false

Examples

Example 1

A user without administrative privileges can only view the security policy name and ID. In the following example, there are 2 security policies pci and hipaa. test1 is a user with a regular user ticket, but without administrative privileges. This user can only view the name and id fields of the security policies:

/opt/mapr/bin/maprcli security policy list -json
{
  "timestamp":1548363754194,
  "timeofday":"2019-01-24 01:02:34.194 GMT-0800 PM",
  "status":"OK",
  "total":2,
  "data":[
    {
      "policyname":"pci",
      "policyid":1
    },
    {
      "policyname":"hipaa",
      "policyid":2
    }
  ]
}
curl -u mapr:mapr -X GET  -k "https://host:8443/rest/security/policy/list"
{"timestamp":1548363754194,"timeofday":"2019-01-24 01:02:34.194 GMT-0800 PM","status":"OK","total":2,"data":[{"policyname":"pci","policyid":1},{"policyname":"hipaa","policyid":2}]}

Example 2

List the policies sorted by their name. You can use either of the two sortby long names parameters, or the shortname parameter to sort the policies. In this example, the two policies are MILITARY and TOPSECRET. The policies are displayed in the ascending order of their name.

/opt/mapr/bin/maprcli security policy list -sortby securitypolicyname  -json
 {
	"timestamp":1554957377267,
	"timeofday":"2019-04-10 09:36:17.267 GMT-0700 PM",
	"status":"OK",
	"total":2,
	"data":[
		{
			"policyname":"MILITARY",
			"policyid":2,
			"mtime":"Tue Apr 09 06:07:54 PDT 2019",
			"ctime":"Tue Apr 09 04:19:00 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Disarmed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":{
				"Principal":"User root",
				"Allowed actions":"[r, a, fc]"
			},
			"aces":{
				"writeaces":"u:user7 | u:user10"
			}
		},
		{
			"policyname":"TOPSECRET",
			"policyid":1,
			"mtime":"Mon Apr 08 22:33:52 PDT 2019",
			"ctime":"Mon Apr 08 22:33:52 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Armed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":[
				{
					"Principal":"User user7",
					"Allowed actions":"[r, a, fc]"
				},
				{
					"Principal":"User user10",
					"Allowed actions":"[a]"
				}
			]
		}
	]
}

Now use the other long name parameter to see if you get the same result:

/opt/mapr/bin/maprcli security policy list -sortby policyname  -json
{
	"timestamp":1554957411992,
	"timeofday":"2019-04-10 09:36:51.992 GMT-0700 PM",
	"status":"OK",
	"total":2,
	"data":[
		{
			"policyname":"MILITARY",
			"policyid":2,
			"mtime":"Tue Apr 09 06:07:54 PDT 2019",
			"ctime":"Tue Apr 09 04:19:00 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Disarmed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":{
				"Principal":"User root",
				"Allowed actions":"[r, a, fc]"
			},
			"aces":{
				"writeaces":"u:user7 | u:user10"
			}
		},
		{
			"policyname":"TOPSECRET",
			"policyid":1,
			"mtime":"Mon Apr 08 22:33:52 PDT 2019",
			"ctime":"Mon Apr 08 22:33:52 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Armed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":[
				{
					"Principal":"User user7",
					"Allowed actions":"[r, a, fc]"
				},
				{
					"Principal":"User user10",
					"Allowed actions":"[a]"
				}
			]
		}
	]
}

Finally, use the shortname to check if you get the same result:

/opt/mapr/bin/maprcli security policy list -sortby n  -json
{
	"timestamp":1554957425876,
	"timeofday":"2019-04-10 09:37:05.876 GMT-0700 PM",
	"status":"OK",
	"total":2,
	"data":[
		{
			"policyname":"MILITARY",
			"policyid":2,
			"mtime":"Tue Apr 09 06:07:54 PDT 2019",
			"ctime":"Tue Apr 09 04:19:00 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Disarmed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":{
				"Principal":"User root",
				"Allowed actions":"[r, a, fc]"
			},
			"aces":{
				"writeaces":"u:user7 | u:user10"
			}
		},
		{
			"policyname":"TOPSECRET",
			"policyid":1,
			"mtime":"Mon Apr 08 22:33:52 PDT 2019",
			"ctime":"Mon Apr 08 22:33:52 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Armed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":[
				{
					"Principal":"User user7",
					"Allowed actions":"[r, a, fc]"
				},
				{
					"Principal":"User user10",
					"Allowed actions":"[a]"
				}
			]
		}
	]
}
curl -u mapr:mapr -X GET  -k "https://host:8443/rest/security/policy/list?&sortby=securitypolicyname"
{"timestamp":1554958689389,"timeofday":"2019-04-10 09:58:09.389 GMT-0700 PM","status":"OK","total":2,"data":[{"policyname":"MILITARY","policyid":2,"mtime":"Tue Apr 09 06:07:54 PDT 2019","ctime":"Tue Apr 09 04:19:00 PDT 2019","wiresecurity":"1","audited":"0","allowtagging":"1","accesscontrol":"Disarmed","enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent","disableddataauditoperations":"","acl":{"Principal":"User root","Allowed actions":"[r, a, fc]"},"aces":{"writeaces":"u:user7 | u:user10"}},{"policyname":"TOPSECRET","policyid":1,"mtime":"Mon Apr 08 22:33:52 PDT 2019","ctime":"Mon Apr 08 22:33:52 PDT 2019","wiresecurity":"1","audited":"0","allowtagging":"1","accesscontrol":"Armed","enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent","disableddataauditoperations":"","acl":[{"Principal":"User user7","Allowed actions":"[r, a, fc]"},{"Principal":"User user10","Allowed actions":"[a]"}]}]}

Example 3

Display just the name of the policy and the access control state.
/opt/mapr/bin/maprcli security policy list -columns "policyname,accesscontrol"
accesscontrol  policyname  
Armed          TOPSECRET  
Disarmed       MILITARY    

    
curl -u mapr:mapr -X GET  -k "https://host:8443/rest/security/policy/list?&sortby=securitypolicyname&columns=policyname,accesscontrol"
{"timestamp":1554959313985,"timeofday":"2019-04-10 10:08:33.985 GMT-0700 PM","status":"OK","total":2,"data":[{"policyname":"MILITARY","accesscontrol":"Disarmed"},{"policyname":"TOPSECRET","accesscontrol":"Armed"}]}

Example 4

Use a filter to search for matching policy(ies):
/opt/mapr/bin/maprcli security policy list -filter \[n=="TOP*"\] -json
{
	"timestamp":1554963795805,
	"timeofday":"2019-04-10 11:23:15.805 GMT-0700 PM",
	"status":"OK",
	"total":1,
	"data":[
		{
			"policyname":"TOPSECRET",
			"policyid":1,
			"mtime":"Mon Apr 08 22:33:52 PDT 2019",
			"ctime":"Mon Apr 08 22:33:52 PDT 2019",
			"wiresecurity":"1",
			"audited":"0",
			"allowtagging":"1",
			"accesscontrol":"Armed",
			"enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent",
			"disableddataauditoperations":"",
			"acl":[
				{
					"Principal":"User user7",
					"Allowed actions":"[r, a, fc]"
				},
				{
					"Principal":"User user10",
					"Allowed actions":"[a]"
				}
			]
		}
	]
}
curl -u mapr:mapr -X GET  -k "https://host:8443/rest/security/policy/list?&filter=%5Bn%3D%3DTOP*%5D"
{"timestamp":1554977760323,"timeofday":"2019-04-11 03:16:00.323 GMT-0700 AM","status":"OK","total":1,"data":[{"policyname":"TOPSECRET","policyid":1,"mtime":"Mon Apr 08 22:33:52 PDT 2019","ctime":"Mon Apr 08 22:33:52 PDT 2019","wiresecurity":"1","audited":"0","allowtagging":"1","accesscontrol":"Armed","enableddataauditoperations":"getattr,setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink,filescan,fileoffload,filerecall,filetierjobstatus,filetierjobabort,filetieroffloadevent,filetierrecallevent","disableddataauditoperations":"","acl":[{"Principal":"User user7","Allowed actions":"[r, a, fc]"},{"Principal":"User user10","Allowed actions":"[a]"}]}]}