[ 
https://issues.apache.org/jira/browse/SENTRY-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095733#comment-14095733
 ] 

Tuong Truong commented on SENTRY-74:
------------------------------------

Hi Dapeng,
Some questions and clarifications:

From the HLD:
====================
Policy File support
Policy file should support column and forward compatible, we will add a 
key-value pair to every privilege. If there is no column key pair, the 
privilege also should be parsed.
The old format is 
db1_read_role = server=server1->db=db1->table=tb1->action=select

The new format will be like these 
db1_read_role = server=server1->db=db1->table=tb1->column=col1->action=select
====================
Should we be able to omit the column specification?  Old format should still 
imply all column access is allowed, right?
How about multi-column syntax?  db1_read_role = 
server=server1->db=db1->table=tb1->column=col1,col2, col3->action=select ???

> Add column-level privileges for Hive/Impala
> -------------------------------------------
>
>                 Key: SENTRY-74
>                 URL: https://issues.apache.org/jira/browse/SENTRY-74
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.3.0
>            Reporter: Jeremy Beard
>            Assignee: Dapeng Sun
>             Fix For: 1.5.0
>
>         Attachments: Design Document of Column-Level Access Control_v1.pdf
>
>
> Currently the finest grain of privilege is at the table/view level. This 
> leads to the unwieldy scenario where a different view has to be created for 
> each combination of columns that need to be restricted. With column level 
> privileges this would not be required.
> In the policy file column privileges might potentially look like:
> server=server1->db=default->table=employees->column=salary->action=select



--
This message was sent by Atlassian JIRA
(v6.2#6252)
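
Added example, not part of the original message or of Sentry's code: a strict parser for the two privilege formats quoted from the HLD, which fails closed on unknown or misordered keys so that a typo in the column key cannot silently widen a grant to the whole table. It assumes that a privilege with no column key covers every column (the question raised in the comment, not confirmed on the page); it handles only table-scoped privileges and rejects the multi-column form, which the page leaves open. All function names are hypothetical.

```python
HIERARCHY = ["server", "db", "table", "column", "action"]  # key order in the quoted examples
REQUIRED = {"server", "db", "table", "action"}  # this example covers table-scoped grants only


def parse_privilege(text):
    """Parse 'key=value->key=value' into a dict, failing closed on anything unexpected."""
    priv, last = {}, -1
    for part in text.strip().split("->"):
        key, sep, value = part.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            raise ValueError(f"malformed segment: {part!r}")
        if key not in HIERARCHY:
            # Skipping a misspelled 'column' key would silently widen the grant to the table.
            raise ValueError(f"unknown key: {key!r}")
        if HIERARCHY.index(key) <= last:
            raise ValueError(f"duplicate or out-of-order key: {key!r}")
        if key == "column" and "," in value:
            raise ValueError("multi-column syntax is an open question on the page; rejected")
        last = HIERARCHY.index(key)
        priv[key] = value
    if REQUIRED - set(priv):
        raise ValueError(f"missing keys: {sorted(REQUIRED - set(priv))}")
    # ASSUMPTION: old-format privilege (no column key) means every column; None marks that.
    priv.setdefault("column", None)
    return priv


def parse_policy_line(line):
    """Split 'role = privilege' on the first '=' and parse the privilege."""
    role, sep, rhs = line.partition("=")
    if not sep or not role.strip():
        raise ValueError(f"not a role assignment: {line!r}")
    return role.strip(), parse_privilege(rhs)


def allows(priv, server, db, table, column, action):
    """True if the parsed privilege covers this exact column-level request."""
    scope_ok = (priv["server"], priv["db"], priv["table"]) == (server, db, table)
    column_ok = priv["column"] is None or priv["column"] == column
    return scope_ok and column_ok and priv["action"] == action


if __name__ == "__main__":
    # The two policy lines quoted from the HLD above.
    for line in ("db1_read_role = server=server1->db=db1->table=tb1->action=select",
                 "db1_read_role = server=server1->db=db1->table=tb1->column=col1->action=select"):
        role, priv = parse_policy_line(line)
        print(role, priv, allows(priv, "server1", "db1", "tb1", "col2", "select"))
```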
