ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1796) Updated masking policy for hive to support for deny/allowException/denyExceptions
Date Thu, 28 Sep 2017 15:18:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184308#comment-16184308
] 

Madhan Neethiraj commented on RANGER-1796:
------------------------------------------

[~peng.jianhua] - I think the following approach will be a simpler and intuitive way to address
your use case:
 - add a policy-item for user=USER1 with desired masking for this user
 - add a policy-item for group={GROUPA, GROUPB}, with maskType set to 'No Mask'
 - add a policy-item for group=public, with desired masking for every one else

I think specifying masking in terms of deny and exceptions is very difficult to understand
and use. Can you review and try the above approach and let me know if this doesn't work or
if this is not easy to understand.

> Updated masking policy for hive  to support for deny/allowException/denyExceptions
> ----------------------------------------------------------------------------------
>
>                 Key: RANGER-1796
>                 URL: https://issues.apache.org/jira/browse/RANGER-1796
>             Project: Ranger
>          Issue Type: New Feature
>          Components: plugins
>    Affects Versions: 1.0.0, master
>            Reporter: peng.jianhua
>            Assignee: peng.jianhua
>              Labels: newbie, patch
>         Attachments: 0001-RANGER-1796-Updated-masking-policy-for-hive-to-suppo.patch,
masking-03.png, masking2.png, usecase-01.png, usecase-02.png
>
>
> Masking policy for hive  should support for deny/allowException/denyExceptions to meet
further business needs. Such as masking policy for hive should support as following scene
and so on:
> USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created
masking policy. The USER1 does not use masking and USER2, USER3 need masking.
> We rigorously tested this issue. The test result shows that the feature is ok.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message