sentry-commits mailing list archives

From "Dapeng Sun (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-74) Add column-level privileges for Hive/Impala
Date Thu, 14 Aug 2014 01:42:21 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14096412#comment-14096412 ]

Dapeng Sun commented on SENTRY-74:
----------------------------------

Hi [~tctruong213]
Thank you for your comments.
{quote}Should we be able to omit the column specification? Old format should still imply all column access is allowed, right?{quote}
Yes, the old format means we can access all the columns of the table. We will add a TABLE level privilege to SentryStore.
{quote}How about multi-column syntax?  db1_read_role = server=server1->db=db1->table=tb1->column=col1,col2,col3->action=select ?{quote}
No, for multiple columns, we must specify a privilege for every column:
{noformat}
server=server1->db=db1->table=tb1->column=col1->action=select
server=server1->db=db1->table=tb1->column=col2->action=select
server=server1->db=db1->table=tb1->column=col3->action=select
{noformat}

I will update the document with this, if you think it's OK.


> Add column-level privileges for Hive/Impala
> -------------------------------------------
>
>                 Key: SENTRY-74
>                 URL: https://issues.apache.org/jira/browse/SENTRY-74
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.3.0
>            Reporter: Jeremy Beard
>            Assignee: Dapeng Sun
>             Fix For: 1.5.0
>
>         Attachments: Design Document of Column-Level Access Control_v1.pdf
>
>
> Currently the finest grain of privilege is at the table/view level. This leads to the unwieldy scenario where a different view has to be created for each combination of columns that need to be restricted. With column level privileges this would not be required.
> In the policy file column privileges might potentially look like:
> server=server1->db=default->table=employees->column=salary->action=select



--
This message was sent by Atlassian JIRA
(v6.2#6252)
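
The two rules stated in the comment above (a privilege without a `column` segment covers every column of the table, and several columns need one privilege line each) can be modelled as below. This is an added example, not code from Apache Sentry or from this thread; `parse_privilege`, `expand_columns` and `allows` are hypothetical names, and the model assumes exact string matching and covers only table- and column-scoped privileges.

```python
# Added illustration, not Apache Sentry code: models only the rules stated in the comment.
from typing import NamedTuple, Optional

SCOPES = ("server", "db", "table", "column", "action")  # keys seen in the thread's examples

class Privilege(NamedTuple):
    server: str
    db: str
    table: str
    column: Optional[str]  # None = old table-level format, meaning all columns
    action: str

def parse_privilege(text: str) -> Privilege:
    """Parse one 'key=value->key=value' privilege string (hypothetical helper)."""
    parts = {}
    for segment in text.strip().split("->"):
        key, sep, value = segment.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in SCOPES or not value or key in parts:
            raise ValueError(f"malformed segment {segment!r}")
        if "," in value:
            # The comment rules out 'column=col1,col2,col3': one privilege per column.
            raise ValueError(f"multi-value segment {segment!r} is not allowed")
        parts[key] = value
    missing = [k for k in ("server", "db", "table", "action") if k not in parts]
    if missing:
        raise ValueError(f"missing scope(s): {missing}")
    return Privilege(parts["server"], parts["db"], parts["table"],
                     parts.get("column"), parts["action"])

def expand_columns(server, db, table, columns, action="select"):
    """Emit one privilege line per column, the form the comment requires."""
    return [f"server={server}->db={db}->table={table}->column={c}->action={action}"
            for c in columns]

def allows(privileges, server, db, table, column, action):
    """True if any parsed privilege covers the requested column."""
    for p in privileges:
        if (p.server, p.db, p.table, p.action) != (server, db, table, action):
            continue
        if p.column is None or p.column == column:  # table-level grant covers all columns
            return True
    return False

if __name__ == "__main__":
    # Constructed sample role, using the names from the thread.
    lines = expand_columns("server1", "db1", "tb1", ["col1", "col2", "col3"])
    role = [parse_privilege(line) for line in lines]
    print(allows(role, "server1", "db1", "tb1", "col2", "select"))
```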
