ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Velmurugan Periasamy (Jira)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-2962) Ranger Row Level Filter (See only data corresponding to user logged in without the need to create multiple user entries in policy)
Date Fri, 11 Sep 2020 14:40:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17194296#comment-17194296
] 

Velmurugan Periasamy commented on RANGER-2962:
----------------------------------------------

Have you tried {USER}? Are you facing any issues?  CC [~abhayk] / [~rmani]

> Ranger Row Level Filter (See only data corresponding to user logged in without the need
to create multiple user entries in policy)
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2962
>                 URL: https://issues.apache.org/jira/browse/RANGER-2962
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Mudit Sharma
>            Priority: Major
>
> We are using Apache Ranger as our Security pipeline. We found out that Ranger has a Row
Level Filter option where we can limit the data visible to particular users. The issue we
are facing is that, let's say there are some 100 or 1000 of users which we need to restrict
to see only their own data in a particular hive table, we need to create 100 or 1000 entries
in Ranger Row Level Policy, for ex: for each user A, we need to create a separate filter in
policy saying user_name = "A". This sometimes hit the DB limit for a policy meta and we need
to bifurcate the policy into 2-3 or many parts. Is there a way making use of \{USER} and user_name
= \{USER}, we can restrict each user to see only its own data?
>  
>  
> Also, in Row Level Filter currently we allow only Select, I would like to check if we
are looking forward for more such filter specific operations such as Insert or Alter



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message