[jira] [Created] (CASSANDRA-18070) Add a new SELECT_MASKED permission

[Jira]

Andres de la Peña created CASSANDRA-18070:
---------------------------------------------

             Summary: Add a new SELECT_MASKED permission
                 Key: CASSANDRA-18070
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18070
             Project: Cassandra
          Issue Type: New Feature
          Components: Feature/Dynamic Data Masking
            Reporter: Andres de la Peña


Add a table-level SELECT_MASKED permission allowing certain users to query but 
not see the unmasked columns introduced by CASSANDRA-18068, assuming that they 
also have the SELECT permission on the table, as defined by 
[CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
 

It would look like:
{code}
> CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> CREATE USER privileged_user WITH PASSWORD 'zyx';
 
> GRANT SELECT ON ALL TABLE patients TO unprivileged_user;
> GRANT SELECT ON ALL TABLE patients TO privileged_user;
> GRANT SELECT_MASKED ON ALL TABLE patients TO privileged_user;
 
> LOGIN unprivileged_user
> SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
 
Unauthorized: Error from server: code=2100 [Unauthorized] message="User has no 
UNMASK nor SELECT_UNMASK permission on <table k.patients>"
             
> LOGIN privileged_user
> SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
 
 name    | birth
---------+------------
 alXXXXe | 1900-01-01
{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org