[
https://issues.apache.org/jira/browse/SENTRY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175075#comment-15175075
]
Dapeng Sun commented on SENTRY-1067:
------------------------------------
Uploaded a high-level design document.
> Exclude capability for privilege("DENY" privilege support)
> ----------------------------------------------------------
>
> Key: SENTRY-1067
> URL: https://issues.apache.org/jira/browse/SENTRY-1067
> Project: Sentry
> Issue Type: New Feature
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Labels: roadmap
> Attachments: Design Document of Sentry Exclude capability for
> privilege-20160302.pdf
>
>
> Currently Sentry can only grant privileges to object, in some cases, only
> some sensitive data need to be protected. Adding exclude capability can
> simplify the management of access control.
> For example, the table "employee" have many columns, the column likes
> "username", "contact" and other information can be queried by others,but the
> column "salary" can only be queried by specific user.
> With exclude capability, we can grant privilege of table "employee" to user
> and block the column "salary".
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
