[
https://issues.apache.org/jira/browse/CASSANDRA-18069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andres de la Peña updated CASSANDRA-18069:
------------------------------------------
Description:
Add a new UNMASK permission allowing users with that permission to see the data
masked by the masking functions attached to columns introduced by
CASSANDRA-18068, as defined by
[CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
It would look like:
{code}
> CREATE TABLE patients (
id timeuuid PRIMARY KEY,
name text MASKED WITH default(),
birth date MASKED WITH default()
);
> INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21');
> CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> CREATE USER privileged_user WITH PASSWORD 'zyx';
> GRANT SELECT ON TABLE patients TO unprivileged_user;
> GRANT SELECT ON TABLE patients TO privileged_user;
> GRANT UNMASK ON TABLE patients TO privileged_user;
> LOGIN unprivileged_user
> SELECT name, birth FROM patients WHERE
> id=db2b372f-f91b-4537-b46b-c478f8330c29;
name | birth
---------+------------
alXXXXe | 1900-01-01
> LOGIN privileged_user
> SELECT name, birth FROM patients WHERE
> id=db2b372f-f91b-4537-b46b-c478f8330c29;
name | birth
-------+------------
alice | 1982-12-21
{code}
was:
Add a new UNMASK permission allowing users with that permission to see the data
masked by the masking functions attached to columns introduced by
CASSANDRA-18068, as defined by
[CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
It would look like:
{code}
> CREATE TABLE patients (
id timeuuid PRIMARY KEY,
name text MASKED WITH default(),
birth date MASKED WITH default()
);
> INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21');
> CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> CREATE USER privileged_user WITH PASSWORD 'zyx';
> GRANT SELECT ON ALL TABLE patients TO unprivileged_user;
> GRANT SELECT ON ALL TABLE patients TO privileged_user;
> GRANT UNMASK ON ALL TABLE patients TO privileged_user;
> LOGIN unprivileged_user
> SELECT name, birth FROM patients WHERE
> id=db2b372f-f91b-4537-b46b-c478f8330c29;
name | birth
---------+------------
alXXXXe | 1900-01-01
> LOGIN privileged_user
> SELECT name, birth FROM patients WHERE
> id=db2b372f-f91b-4537-b46b-c478f8330c29;
name | birth
-------+------------
alice | 1982-12-21
{code}
> Add a new UNMASK permission
> ---------------------------
>
> Key: CASSANDRA-18069
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18069
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
> Reporter: Andres de la Peña
> Assignee: Andres de la Peña
> Priority: Normal
>
> Add a new UNMASK permission allowing users with that permission to see the
> data masked by the masking functions attached to columns introduced by
> CASSANDRA-18068, as defined by
> [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
> It would look like:
> {code}
> > CREATE TABLE patients (
> id timeuuid PRIMARY KEY,
> name text MASKED WITH default(),
> birth date MASKED WITH default()
> );
>
> > INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21');
>
> > CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> > CREATE USER privileged_user WITH PASSWORD 'zyx';
>
> > GRANT SELECT ON TABLE patients TO unprivileged_user;
> > GRANT SELECT ON TABLE patients TO privileged_user;
> > GRANT UNMASK ON TABLE patients TO privileged_user;
>
> > LOGIN unprivileged_user
>
> > SELECT name, birth FROM patients WHERE
> > id=db2b372f-f91b-4537-b46b-c478f8330c29;
>
> name | birth
> ---------+------------
> alXXXXe | 1900-01-01
>
> > LOGIN privileged_user
> > SELECT name, birth FROM patients WHERE
> > id=db2b372f-f91b-4537-b46b-c478f8330c29;
>
> name | birth
> -------+------------
> alice | 1982-12-21
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
