ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alberto Romero (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2127) Masking policy to allow querying actual data if masked cols are on predicate
Date Fri, 08 Jun 2018 15:07:00 GMT
Alberto Romero created RANGER-2127:
--------------------------------------

             Summary: Masking policy to allow querying actual data if masked cols are on predicate
                 Key: RANGER-2127
                 URL: https://issues.apache.org/jira/browse/RANGER-2127
             Project: Ranger
          Issue Type: Improvement
          Components: plugins, Ranger
    Affects Versions: 0.7.1
            Reporter: Alberto Romero


Enable querying datasets on actual values even if there are masking policies for some of the
columns, as long as such columns are in the predicate of the statement (ie the actual masked
values are not returned, only used as part of the query).

For example,

Table #1: customers

Cols: ID, COMPANY_NAME, SECTOR, *masked*[CUSTOMER_ID]

Table #2: orders

Cols: ID, WAREHOUSE_ID, QUANTITY, VALUE

 

SELECT c.SECTOR, sum(o.QUANTITY)
FROM customers c JOIN orders o 
ON (c.CUSTOMER_ID = o.ID) 
group by c.SECTOR;

 

The query would not return the values from customers.CUSTOMER_ID, but will still run the query
on the actual values for the column.

 

A suggested approach would be to create a simple query analyzer to determine if any masked
data would be returned or not based on the position in the query, and allow the query to run
on actual values if not.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message