[
https://issues.apache.org/jira/browse/RANGER-1796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184308#comment-16184308
]
Madhan Neethiraj commented on RANGER-1796:
------------------------------------------
[~peng.jianhua] - I think the following approach will be a simpler and
intuitive way to address your use case:
- add a policy-item for user=USER1 with desired masking for this user
- add a policy-item for group={GROUPA, GROUPB}, with maskType set to 'No Mask'
- add a policy-item for group=public, with desired masking for every one else
I think specifying masking in terms of deny and exceptions is very difficult to
understand and use. Can you review and try the above approach and let me know
if this doesn't work or if this is not easy to understand.
> Updated masking policy for hive to support for
> deny/allowException/denyExceptions
> ----------------------------------------------------------------------------------
>
> Key: RANGER-1796
> URL: https://issues.apache.org/jira/browse/RANGER-1796
> Project: Ranger
> Issue Type: New Feature
> Components: plugins
> Affects Versions: 1.0.0, master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: newbie, patch
> Attachments:
> 0001-RANGER-1796-Updated-masking-policy-for-hive-to-suppo.patch,
> masking-03.png, masking2.png, usecase-01.png, usecase-02.png
>
>
> Masking policy for hive should support for
> deny/allowException/denyExceptions to meet further business needs. Such as
> masking policy for hive should support as following scene and so on:
> USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group
> when created masking policy. The USER1 does not use masking and USER2, USER3
> need masking.
> We rigorously tested this issue. The test result shows that the feature is ok.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
