[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Wendell updated SPARK-8325:
---
Target Version/s: (was: 1.4.0)

Ability to provide role based row level authorization through Spark SQL
---
Key: SPARK-8325
URL: https://issues.apache.org/jira/browse/SPARK-8325
Project: Spark
Issue Type: New Feature
Components: SQL
Affects Versions: 1.4.0
Reporter: Mayoor Rao
Attachments: Jira_request_table_authorization.docx

Using the Datasource API we can register a file as a table through Beeline. With the implementation of JIRA SPARK-8324, where we can register queries as views, the authorization requirement is not restricted to Hive tables; it could be Spark registered tables as well. The Thriftserver currently enables us to use the JDBC clients to fetch the data. Data authorization would be required for any enterprise usage.

Following features are expected –
1. Role based authorization
2. Ability to define roles
3. Ability to add user to roles
4. Ability to define authorization at the row level

Following JDBC commands would be required to manage authorization –

ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
ADD USER james WITH ROLES {roles:[manager,seniorManager]}; -- Create user
GRANT ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- Grant access to the user on table
AUTHORIZE ROLE USING {role:manager, tableName:EMPLOYEE, columnName:Employee_id, columnValues: [1]}; -- authorize at the row level
UPDATE ROLE AUTHORIZATION WITH {role:manager, tableName:EMPLOYEE, columnName:Employee_id, columnValues: [2%,3%]}; -- update authorization
REVOKE ACCESS ON EMPLOYEE FOR {roles:[manager]}; -- revoke access
DELETE USER james; -- delete user
DROP ROLE manager; -- delete manager

Advantage
• Ability to restrict the data based on the logged in user role.
• Data protection
• The organization can control data access to prevent unauthorized usage or viewing of the data
• The users who are using the BI tools can be restricted to the data they are authorized to see.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)

To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
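
Added example, not part of the JIRA issue or of Spark: a small Python model of the role, grant and row-rule semantics the request describes, enforced by filtering a query against an in-memory SQLite table. The class and function names are hypothetical, and three behaviours are assumptions the issue does not spell out: values containing % are treated as LIKE patterns, rules from several roles are OR-ed together, and a user with no applicable rule is denied.

```python
import re
import sqlite3

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # identifiers cannot be bound as parameters

class RowPolicy:
    """Hypothetical model of the users, grants and row rules in the request."""
    def __init__(self):
        self.user_roles = {}  # user -> set of role names
        self.grants = {}      # table -> roles granted access
        self.rules = {}       # (role, table) -> (column, values; '%' = LIKE wildcard, assumed)

    def add_user(self, user, roles):
        self.user_roles[user] = set(roles)
    def grant(self, table, roles):
        self.grants.setdefault(table, set()).update(roles)
    def authorize(self, role, table, column, values):
        if not IDENT.match(column):
            raise ValueError("invalid column name")
        self.rules[(role, table)] = (column, [str(v) for v in values])
    def predicate(self, user, table):
        """Return (where_sql, params), or None when the user must be denied."""
        roles = self.user_roles.get(user, set()) & self.grants.get(table, set())
        clauses, params = [], []
        for role in sorted(roles):
            column, values = self.rules.get((role, table), (None, []))
            for value in values:  # a granted role without a row rule adds no rows
                clauses.append(f"CAST({column} AS TEXT) LIKE ?")
                params.append(value)
        return (" OR ".join(clauses), params) if clauses else None

def select_as(conn, policy, user, table):
    """Run SELECT * on behalf of user, filtered by the policy; deny by default."""
    if not IDENT.match(table):
        raise ValueError("invalid table name")
    pred = policy.predicate(user, table)
    if pred is None:
        raise PermissionError(f"{user} has no access to {table}")
    return conn.execute(f"SELECT * FROM {table} WHERE {pred[0]}", pred[1]).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EMPLOYEE (Employee_id INTEGER, name TEXT)")  # constructed
    conn.executemany("INSERT INTO EMPLOYEE VALUES (?, ?)", [(i, f"emp{i}") for i in (1, 2, 25, 31, 40)])
    policy = RowPolicy()
    policy.add_user("james", ["manager", "seniorManager"])
    policy.grant("EMPLOYEE", ["manager"])
    policy.authorize("manager", "EMPLOYEE", "Employee_id", [1])
    return conn, policy
```

Rule values are bound as query parameters and only the validated table and column identifiers are interpolated, so a policy entry cannot change the shape of the generated filter.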
[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Wendell updated SPARK-8325:
---
Fix Version/s: (was: 1.4.1)
[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mayoor Rao updated SPARK-8325:
---
Attachment: Jira_request_table_authorization.docx

More details are covered in the attached document

Ability to provide role based row level authorization through Spark SQL
---
Key: SPARK-8325
URL: https://issues.apache.org/jira/browse/SPARK-8325
Project: Spark
Issue Type: New Feature
Components: SQL
Affects Versions: 1.4.0
Reporter: Mayoor Rao
Fix For: 1.4.1
Attachments: Jira_request_table_authorization.docx