Create a Single Data Access Rule¶
POST /api/v1/logging_query_rule/add
Overview¶
Create a single data access rule, v2 supports cross-site data access configuration.
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Name (Added in 2024-09-04 iteration, default name, creator_creation time) Allow empty: False Allow empty string: False Max length: 64 |
|
| desc | string | Description (Added in 2024-09-04 iteration) Example: Description1 Allow empty: False Allow empty string: True Max length: 256 |
|
| regionCode | string | Y | Data access authorization based on site Allow empty: False Allow empty string: False |
| indexes | array | Y | Index UUID, [""] means all Example: [''] Allow empty: False |
| roleUUIDs | array | Y | List of roles Example: [] Allow empty: False |
| conditions | string | Y | Filter search Example: search Allow empty: False |
| extend | json | Front-end custom extension field Example: xxx Allow empty: False |
|
| logic | string | Y | Logic field Example: or Allow empty: False |
| maskFields | string | Masked fields, multiple fields separated by commas Example: message,host Allow empty: False Allow empty string: True |
|
| reExprs | array | Regular expressions Example: [{'name': 'jjj', 'reExpr': 'ss', 'enable': 0}, {'name': 'lll', 'reExpr': 'ss', 'enable': 1}] Allow empty: False |
Parameter Additional Notes¶
Data Description.*
1. Role Authorization Access Notes 1. Specified roles can only query data within the specified query range. 2. If a user has multiple roles and one of the roles is not in the rule's role list, this data access rule will not apply to the user, i.e., the query range is not restricted. 3. The logic between multiple log data access rules in a workspace is OR.
2. Request Parameter Notes
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Y | Name |
| desc | String | N | Description |
| indexes | array | Y | Log index information. For non-local workspace indexes (must be authorized by the workspace), use workspaceUUID:indexUUID, e.g., ["wksp_111:lgim_222", "wksp_333:lgim_444"] |
| roleUUIDs | array | Y | List of role UUIDs |
| conditions | string | N | Actual filter conditions for data range, e.g., "device IN ['PC'] and session_has_replay IN ['1']" |
| extend | dict | Y | Extension field, stores the structure of conditions for front-end display, e.g., |
| logic | string | N | Logic field, and/or, used to connect filter conditions |
| maskFields | string | N | Masked fields, multiple fields separated by commas |
| reExprs | array | N | Regular expressions, e.g., [{"name":"1111","enable":true,"reExpr":"tkn_[\da-z]*"},{"name":"liuyltest","enable":true,"reExpr":"test"}] |
| regionCode | string | Y | Site code (can be obtained via workspace/website/list interface), site information for data access configuration, default authorization for current site data |
Request Example¶
curl 'https://openapi.guance.com/api/v1/logging_query_rule/add' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw $'{"name":"temp_test","desc":"test openapi","roleUUIDs":["general","role_3ac3042991c046f0b03452771012b268"],"indexes":["wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b","wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"],"extend":{"city":["Tafuna"]},"maskFields":"message","logic":"and","reExprs":[{"name":"qq email maxk","reExpr":"[a-zA-Z0-9_]+@guance.com","enable":true}],"conditions":"`city` IN [\'Tafuna\']"}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "`city` IN ['Tafuna']",
"createAt": 1730529443,
"creator": "wsak_cd83804176e24ac18a8a683260ab0746",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"dd": "dd",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"desc": "test openapi",
"extend": {
"city": [
"Tafuna"
]
},
"id": null,
"indexes": [
"wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b",
"wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"
],
"logic": "and",
"maskFields": "message",
"name": "temp_test",
"reExprs": [
{
"enable": true,
"name": "qq email maxk",
"reExpr": "[a-zA-Z0-9_]+@guance.com"
}
],
"roleUUIDs": [
"general",
"role_3ac3042991c046f0b03452771012b268"
],
"sources": [],
"status": 0,
"type": "logging",
"updateAt": null,
"updator": null,
"uuid": "lqrl_9f1de1d1440f4af5917a534299d0ad09",
"workspaceUUID": "wksp_4b57c7bab38e4a2d9630f675dc20015d"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-25C229E5-150F-4DF1-8576-DE17259B7A16"
}