[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[
https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Patrick Wendell updated SPARK-8325:
---
Target Version/s: (was: 1.4.0)
Ability to provide role based row level authorization through Spark SQL
---
Key: SPARK-8325
URL: https://issues.apache.org/jira/browse/SPARK-8325
Project: Spark
Issue Type: New Feature
Components: SQL
Affects Versions: 1.4.0
Reporter: Mayoor Rao
Attachments: Jira_request_table_authorization.docx
Using Datasource API we can register a file as a table in through Beeline.
With the implementation of jira - SPARK-8324 where we can register queries as
views, the authorization requirement is not restricted to hive tables, it
could be Spark registered tables as well.
The Thriftserver currently enables us to use the JDBC clients to fetch the
data. Data authorization would be required for any enterprise usage.
Following features are expected –
1.Role based authorization
2.Ability to define roles
3.Ability to add user to roles
4.Ability to define authorization at the row level
Following JDBC commands would be required to manage authorization –
ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
ADD USER james WITH ROLES {roles:[manager,seniorManager]}; -- Create
user
GRANT ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- Grant access to the
user on table
AUTHORIZE ROLE USING {role:manager, tableName:EMPLOYEE,
columnName:Employee_id, columnValues: [1]}; -- authorize at the row
level
UPDATE ROLE AUTHORIZATION WITH {role:manager, tableName:EMPLOYEE,
columnName:Employee_id, columnValues: [2%,3%]}; -- update
authorization
REVOKE ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- revoke access
DELETE USER james; -- delete user
DROP ROLE manager; -- delete manager
Advantage
• Ability to restrict the data based on the logged in user role.
• Data protection
• The organization can control data access to prevent unauthorized usage
or viewing of the data
• The users who are using the BI tools can be restricted to the data they
are authorized to see.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[
https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Patrick Wendell updated SPARK-8325:
---
Fix Version/s: (was: 1.4.1)
Ability to provide role based row level authorization through Spark SQL
---
Key: SPARK-8325
URL: https://issues.apache.org/jira/browse/SPARK-8325
Project: Spark
Issue Type: New Feature
Components: SQL
Affects Versions: 1.4.0
Reporter: Mayoor Rao
Attachments: Jira_request_table_authorization.docx
Using Datasource API we can register a file as a table in through Beeline.
With the implementation of jira - SPARK-8324 where we can register queries as
views, the authorization requirement is not restricted to hive tables, it
could be Spark registered tables as well.
The Thriftserver currently enables us to use the JDBC clients to fetch the
data. Data authorization would be required for any enterprise usage.
Following features are expected –
1.Role based authorization
2.Ability to define roles
3.Ability to add user to roles
4.Ability to define authorization at the row level
Following JDBC commands would be required to manage authorization –
ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
ADD USER james WITH ROLES {roles:[manager,seniorManager]}; -- Create
user
GRANT ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- Grant access to the
user on table
AUTHORIZE ROLE USING {role:manager, tableName:EMPLOYEE,
columnName:Employee_id, columnValues: [1]}; -- authorize at the row
level
UPDATE ROLE AUTHORIZATION WITH {role:manager, tableName:EMPLOYEE,
columnName:Employee_id, columnValues: [2%,3%]}; -- update
authorization
REVOKE ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- revoke access
DELETE USER james; -- delete user
DROP ROLE manager; -- delete manager
Advantage
• Ability to restrict the data based on the logged in user role.
• Data protection
• The organization can control data access to prevent unauthorized usage
or viewing of the data
• The users who are using the BI tools can be restricted to the data they
are authorized to see.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[
https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mayoor Rao updated SPARK-8325:
--
Attachment: Jira_request_table_authorization.docx
More details are covered in the attached document
Ability to provide role based row level authorization through Spark SQL
---
Key: SPARK-8325
URL: https://issues.apache.org/jira/browse/SPARK-8325
Project: Spark
Issue Type: New Feature
Components: SQL
Affects Versions: 1.4.0
Reporter: Mayoor Rao
Fix For: 1.4.1
Attachments: Jira_request_table_authorization.docx
Using Datasource API we can register a file as a table in through Beeline.
With the implementation of jira - SPARK-8324 where we can register queries as
views, the authorization requirement is not restricted to hive tables, it
could be Spark registered tables as well.
The Thriftserver currently enables us to use the JDBC clients to fetch the
data. Data authorization would be required for any enterprise usage.
Following features are expected –
1.Role based authorization
2.Ability to define roles
3.Ability to add user to roles
4.Ability to define authorization at the row level
Following JDBC commands would be required to manage authorization –
ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
ADD USER james WITH ROLES {roles:[manager,seniorManager]}; -- Create
user
GRANT ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- Grant access to the
user on table
AUTHORIZE ROLE USING {role:manager, tableName:EMPLOYEE,
columnName:Employee_id, columnValues: [1]}; -- authorize at the row
level
UPDATE ROLE AUTHORIZATION WITH {role:manager, tableName:EMPLOYEE,
columnName:Employee_id, columnValues: [2%,3%]}; -- update
authorization
REVOKE ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- revoke access
DELETE USER james; -- delete user
DROP ROLE manager; -- delete manager
Advantage
• Ability to restrict the data based on the logged in user role.
• Data protection
• The organization can control data access to prevent unauthorized usage
or viewing of the data
• The users who are using the BI tools can be restricted to the data they
are authorized to see.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
