[ https://issues.apache.org/jira/browse/CASSANDRA-18070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andres de la Peña updated CASSANDRA-18070: ------------------------------------------ Reviewers: Benjamin Lerer, Berenguer Blasi (was: Berenguer Blasi) > Add a new SELECT_MASKED permission > ---------------------------------- > > Key: CASSANDRA-18070 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18070 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Dynamic Data Masking > Reporter: Andres de la Peña > Assignee: Andres de la Peña > Priority: Normal > Time Spent: 1h > Remaining Estimate: 0h > > Add a table-level SELECT_MASKED permission allowing certain users to query > but not see the unmasked columns introduced by CASSANDRA-18068, assuming that > they also have the SELECT permission on the table, as defined by > [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking]. > > It would look like: > {code} > > CREATE USER unprivileged_user WITH PASSWORD 'xyz'; > > CREATE USER privileged_user WITH PASSWORD 'zyx'; > > > GRANT SELECT ON ALL TABLE patients TO unprivileged_user; > > GRANT SELECT ON ALL TABLE patients TO privileged_user; > > GRANT SELECT_MASKED ON ALL TABLE patients TO privileged_user; > > > LOGIN unprivileged_user > > SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING; > > Unauthorized: Error from server: code=2100 [Unauthorized] message="User has > no UNMASK nor SELECT_UNMASK permission on <table k.patients>" > > > LOGIN privileged_user > > SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING; > > name | birth > ---------+------------ > alXXXXe | 1900-01-01 > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org