[ https://issues.apache.org/jira/browse/CASSANDRA-18070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17685360#comment-17685360 ]
Andres de la Peña edited comment on CASSANDRA-18070 at 2/8/23 2:09 PM: ----------------------------------------------------------------------- Here is the PR adding the new {{SELECT_MASKED}} permission, and the PR updating auth dtests for it: ||PR||CI|| |[trunk|https://github.com/apache/cassandra/pull/2146]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2627/workflows/3d39aa96-2ac3-4a61-a999-88fbcf2dc0fe] [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2627/workflows/6034b40b-6572-4fff-af7a-cca3c87ac274]| |[dtest|https://github.com/apache/cassandra-dtest/pull/209]| The patch is based on CASSANDRA-18069, which is based on CASSANDRA-18068. was (Author: adelapena): Here is the PR adding the new {{SELECT_MASKED}} permission, and the PR updating auth dtests for it: ||PR||CI|| |[trunk|https://github.com/apache/cassandra/pull/2146]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2625/workflows/e9950fcd-6850-45fd-9199-8d28861cec9f] [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2625/workflows/ca876e61-ab6c-4f67-ac6f-f8ea2d09aaee]| |[dtest|https://github.com/apache/cassandra-dtest/pull/209]| The patch is based on CASSANDRA-18069, which is based on CASSANDRA-18068. > Add a new SELECT_MASKED permission > ---------------------------------- > > Key: CASSANDRA-18070 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18070 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Dynamic Data Masking > Reporter: Andres de la Peña > Assignee: Andres de la Peña > Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Add a table-level SELECT_MASKED permission allowing certain users to query > but not see the unmasked columns introduced by CASSANDRA-18068, assuming that > they also have the SELECT permission on the table, as defined by > [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking]. > > It would look like: > {code} > > CREATE USER unprivileged_user WITH PASSWORD 'xyz'; > > CREATE USER privileged_user WITH PASSWORD 'zyx'; > > > GRANT SELECT ON ALL TABLE patients TO unprivileged_user; > > GRANT SELECT ON ALL TABLE patients TO privileged_user; > > GRANT SELECT_MASKED ON ALL TABLE patients TO privileged_user; > > > LOGIN unprivileged_user > > SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING; > > Unauthorized: Error from server: code=2100 [Unauthorized] message="User has > no UNMASK nor SELECT_UNMASK permission on <table k.patients>" > > > LOGIN privileged_user > > SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING; > > name | birth > ---------+------------ > alXXXXe | 1900-01-01 > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org