Andres de la Peña created CASSANDRA-18070:
---------------------------------------------

             Summary: Add a new SELECT_MASKED permission
                 Key: CASSANDRA-18070
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18070
             Project: Cassandra
          Issue Type: New Feature
          Components: Feature/Dynamic Data Masking
            Reporter: Andres de la Peña

Add a table-level SELECT_MASKED permission allowing certain users to query but not see the unmasked columns introduced by CASSANDRA-18068, assuming that they also have the SELECT permission on the table, as defined by [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].

It would look like:
{code}
> CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> CREATE USER privileged_user WITH PASSWORD 'zyx';
> GRANT SELECT ON ALL TABLE patients TO unprivileged_user;
> GRANT SELECT ON ALL TABLE patients TO privileged_user;
> GRANT SELECT_MASKED ON ALL TABLE patients TO privileged_user;
> LOGIN unprivileged_user
> SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
Unauthorized: Error from server: code=2100 [Unauthorized] message="User has no UNMASK nor SELECT_UNMASK permission on <table k.patients>"
> LOGIN privileged_user
> SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;

 name    | birth
---------+------------
 alXXXXe | 1900-01-01
{code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)