[ https://issues.apache.org/jira/browse/CASSANDRA-18069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andres de la Peña updated CASSANDRA-18069: ------------------------------------------ Description: Add a new UNMASK permission allowing users with that permission to see the data masked by the masking functions attached to columns introduced by CASSANDRA-18068, as defined by [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking]. It would look like: {code} > CREATE TABLE patients ( id timeuuid PRIMARY KEY, name text MASKED WITH default(), birth date MASKED WITH default() ); > INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21'); > CREATE USER unprivileged_user WITH PASSWORD 'xyz'; > CREATE USER privileged_user WITH PASSWORD 'zyx'; > GRANT SELECT ON TABLE patients TO unprivileged_user; > GRANT SELECT ON TABLE patients TO privileged_user; > GRANT UNMASK ON TABLE patients TO privileged_user; > LOGIN unprivileged_user > SELECT name, birth FROM patients WHERE > id=db2b372f-f91b-4537-b46b-c478f8330c29; name | birth ---------+------------ alXXXXe | 1900-01-01 > LOGIN privileged_user > SELECT name, birth FROM patients WHERE > id=db2b372f-f91b-4537-b46b-c478f8330c29; name | birth -------+------------ alice | 1982-12-21 {code} was: Add a new UNMASK permission allowing users with that permission to see the data masked by the masking functions attached to columns introduced by CASSANDRA-18068, as defined by [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking]. It would look like: {code} > CREATE TABLE patients ( id timeuuid PRIMARY KEY, name text MASKED WITH default(), birth date MASKED WITH default() ); > INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21'); > CREATE USER unprivileged_user WITH PASSWORD 'xyz'; > CREATE USER privileged_user WITH PASSWORD 'zyx'; > GRANT SELECT ON ALL TABLE patients TO unprivileged_user; > GRANT SELECT ON ALL TABLE patients TO privileged_user; > GRANT UNMASK ON ALL TABLE patients TO privileged_user; > LOGIN unprivileged_user > SELECT name, birth FROM patients WHERE > id=db2b372f-f91b-4537-b46b-c478f8330c29; name | birth ---------+------------ alXXXXe | 1900-01-01 > LOGIN privileged_user > SELECT name, birth FROM patients WHERE > id=db2b372f-f91b-4537-b46b-c478f8330c29; name | birth -------+------------ alice | 1982-12-21 {code} > Add a new UNMASK permission > --------------------------- > > Key: CASSANDRA-18069 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18069 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Dynamic Data Masking > Reporter: Andres de la Peña > Assignee: Andres de la Peña > Priority: Normal > > Add a new UNMASK permission allowing users with that permission to see the > data masked by the masking functions attached to columns introduced by > CASSANDRA-18068, as defined by > [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking]. > It would look like: > {code} > > CREATE TABLE patients ( > id timeuuid PRIMARY KEY, > name text MASKED WITH default(), > birth date MASKED WITH default() > ); > > > INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21'); > > > CREATE USER unprivileged_user WITH PASSWORD 'xyz'; > > CREATE USER privileged_user WITH PASSWORD 'zyx'; > > > GRANT SELECT ON TABLE patients TO unprivileged_user; > > GRANT SELECT ON TABLE patients TO privileged_user; > > GRANT UNMASK ON TABLE patients TO privileged_user; > > > LOGIN unprivileged_user > > > SELECT name, birth FROM patients WHERE > > id=db2b372f-f91b-4537-b46b-c478f8330c29; > > name | birth > ---------+------------ > alXXXXe | 1900-01-01 > > > LOGIN privileged_user > > SELECT name, birth FROM patients WHERE > > id=db2b372f-f91b-4537-b46b-c478f8330c29; > > name | birth > -------+------------ > alice | 1982-12-21 > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org