ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1195) Ranger should allow for "select *" and "describe" on tables where user access is limited to a subset of columns.
Date Thu, 08 Dec 2016 07:21:58 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15731393#comment-15731393
] 

Don Bosco Durai commented on RANGER-1195:
-----------------------------------------

[~rmani], thanks for the explanation and thinking through these different scenarios. I assume,
currently, if someone sets the value to "show-allowed", then it will act as "none". After
we get the support from Hive, we can implement it properly.


> Ranger should allow for "select *" and "describe" on tables where user access is limited
to a subset of columns.
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1195
>                 URL: https://issues.apache.org/jira/browse/RANGER-1195
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>    Affects Versions: 0.5.1, 0.5.2, 0.6.0, 0.5.3, 0.6.1
>            Reporter: Michael Young
>            Assignee: Ramesh Mani
>             Fix For: 0.7.0
>
>         Attachments: RANGER-1195.patch
>
>
> If you create a Hive policy in Ranger which allows only a subset of columns in a table,
users are unable to "select * from tablename" or "describe tablename".  The user must know
in advance to which columns they are allowed access, but they can't use "describe" to see
a list of columns they are allowed.
> When doing either select or describe in Hive, Ranger should dynamically filter the columns
the user is not allowed to see.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message