Create a Single Data Access Rule¶
POST /api/v1/logging_query_rule/add
Overview¶
Create a single data access rule. v2 supports cross-site data access configuration.
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Name (Added in the 2024-09-04 iteration, default name: Creator_CreationTime) Allow null: False Allow empty string: False Max length: 64 |
|
| desc | string | Description (Added in the 2024-09-04 iteration) Example: Description1 Allow null: False Allow empty string: True Max length: 256 |
|
| regionCode | string | Y | Data access authorization based on site Allow null: False Allow empty string: False |
| indexes | array | Y | Index UUIDs, [""] means all Example: [''] Allow null: False |
| roleUUIDs | array | Y | List of roles Example: [] Allow null: False |
| conditions | string | Y | Filter search Example: search Allow null: False |
| extend | json | Frontend custom extension field Example: xxx Allow null: False |
|
| logic | string | Y | Logic field Example: or Allow null: False |
| maskFields | string | Masking fields, multiple fields separated by commas Example: message,host Allow null: False Allow empty string: True |
|
| reExprs | array | Regular expressions Example: [{'name': 'jjj', 'reExpr': 'ss', 'enable': 0}, {'name': 'lll', 'reExpr': 'ss', 'enable': 1}] Allow null: False |
Parameter Supplementary Explanation¶
Data Description.*
1. Role Authorization Access Explanation 1. Specified roles can only query data within the specified query scope. 2. If a user has multiple roles and one of those roles is not included in this rule's role list, this data access rule will not take effect for that user, meaning the query scope is not restricted. 3. The logic between multiple log data access rules within a workspace is an OR relationship.
2. Request Parameter Explanation
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Y | Name |
| desc | String | N | Description |
| indexes | array | Y | Log index information. For index authorization from a non-local workspace (must be authorized by the workspace), use Workspace UUID:Index UUID, e.g., ["wksp_111:lgim_222", "wksp_333:lgim_444"] |
| roleUUIDs | array | Y | List of role UUIDs |
| conditions | string | N | Actual filter conditions for the data scope, e.g., "device IN ['PC'] and session_has_replay IN ['1']" |
| extend | dict | Y | Extension field, stores the structured content of conditions for frontend display, e.g., |
| logic | string | N | Logic field, and/or, used to connect filter conditions |
| maskFields | string | N | Masking fields, multiple fields separated by commas |
| reExprs | array | N | Regular expressions, e.g., [{"name":"1111","enable":true,"reExpr":"tkn_[\da-z]*"},{"name":"liuyltest","enable":true,"reExpr":"test"}] |
| regionCode | string | Y | Site code (can be obtained via the workspace/website/list API), site information for data access configuration, defaults to authorizing data from the current site |
Request Example¶
curl 'https://openapi.guance.com/api/v1/logging_query_rule/add' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw $'{"name":"temp_test","desc":"test openapi","roleUUIDs":["general","role_3ac3042991c046f0b03452771012b268"],"indexes":["wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b","wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"],"extend":{"city":["Tafuna"]},"maskFields":"message","logic":"and","reExprs":[{"name":"qq email maxk","reExpr":"[a-zA-Z0-9_]+@guance.com","enable":true}],"conditions":"`city` IN [\'Tafuna\']"}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "`city` IN ['Tafuna']",
"createAt": 1730529443,
"creator": "wsak_cd83804176e24ac18a8a683260ab0746",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"dd": "dd",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"desc": "test openapi",
"extend": {
"city": [
"Tafuna"
]
},
"id": null,
"indexes": [
"wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b",
"wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"
],
"logic": "and",
"maskFields": "message",
"name": "temp_test",
"reExprs": [
{
"enable": true,
"name": "qq email maxk",
"reExpr": "[a-zA-Z0-9_]+@guance.com"
}
],
"roleUUIDs": [
"general",
"role_3ac3042991c046f0b03452771012b268"
],
"sources": [],
"status": 0,
"type": "logging",
"updateAt": null,
"updator": null,
"uuid": "lqrl_9f1de1d1440f4af5917a534299d0ad09",
"workspaceUUID": "wksp_4b57c7bab38e4a2d9630f675dc20015d"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-25C229E5-150F-4DF1-8576-DE17259B7A16"
}