[
https://issues.apache.org/jira/browse/SENTRY-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098061#comment-14098061
]
Dapeng Sun commented on SENTRY-74:
----------------------------------
Thank [~tctruong213] and [~sravya] for the comments.
Hi [~tctruong213] and [~sravya]
As [~sravya] said:" we do not plan to support multi-column in single line in
policy files, we do plan to support it in db provider, like: Grant all on
Column tb1.col1, tb2.col2 to role roleName.", and it's a good proposal, we can
do multi-column or multi-table support in future, may not in this jira.
[~tctruong213] :
{quote}It's more likely that a user is blocked access a small subset of the
columns to protect some sensitive data while allow access to the rest.{quote}
[~sravya] :
{quote}It might be also good to consider supporting wildcard characters?{quote}
It is a very meaningful case, and [~sravya]'s solution is very good, thank both
of you, how about fire another jira to support wildcard for privilege?
> Add column-level privileges for Hive/Impala
> -------------------------------------------
>
> Key: SENTRY-74
> URL: https://issues.apache.org/jira/browse/SENTRY-74
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.3.0
> Reporter: Jeremy Beard
> Assignee: Dapeng Sun
> Fix For: 1.5.0
>
> Attachments: Design Document of Column-Level Access Control_v1.pdf
>
>
> Currently the finest grain of privilege is at the table/view level. This
> leads to the unwieldy scenario where a different view has to be created for
> each combination of columns that need to be restricted. With column level
> privileges this would not be required.
> In the policy file column privileges might potentially look like:
> server=server1->db=default->table=employees->column=salary->action=select
--
This message was sent by Atlassian JIRA
(v6.2#6252)
