Hi Madhan, Thank you for your reply. As you mentioned, when I tried creating multiple policies for the same table/column I got the same error- Error Code : 3010 Another policy already exists for matching resource: policy-name=[testdb.testtable.col1], service=[test_hive]
I don't see this option of overriding the policy though in my ranger, Is it something which comes with the latest version of Ranger? I am using 0.7.1 version of the ranger. Another question on Rowfiltering policy creation, If I have some policy created something like below, [image: image.png] Here in this case how WHERE clause restriction will be applied on *custKey* column for user admin? Will it have *custKey>300 AND custKey>100* or something else? Thanks & Regards, Reetika On Tue, May 26, 2020 at 10:39 PM Madhan Neethiraj <mad...@apache.org> wrote: > It should not be possible to create multiple column-masking policies for a > column. Attempt to create a second policy for a column should result in > following error: > > Error Code : 3010 Another policy already exists for matching resource: > policy-name=[testdb.testtable.col1], service=[test_hive] > > > > Assuming you managed to create multiple such policies (perhaps by updating > the default Hive service-def – which is not recommended), policy priority > can be used to order the evaluation i.e. policies with ‘Override’ priority > will be evaluated before policies with ‘Normal’ priority. However, the > order of evaluation within a given priority cannot be controlled by the > user. > > > > > > > > The same applies for row-filtering policies as well. > > > > Hope this helps. > > > > Madhan > > > > *From: *reetika agrawal <agrawal.reetika...@gmail.com> > *Reply-To: *"user@ranger.apache.org" <user@ranger.apache.org> > *Date: *Tuesday, May 26, 2020 at 6:54 AM > *To: *"user@ranger.apache.org" <user@ranger.apache.org> > *Subject: *Question on Ranger Hive Row filtering and Column Masking > > > > Hi, > > I would like to know how ranger evaluates and apply column Masking policy > if there is more than one type of column masking policy defined for a given > column of a table? > > > > Ex- > > Policy1 -> testable -> col1 -> *Nulllify (Column masking)* -> User1 > > Policy2 -> testable -> col1 -> *Nulllify (Hash)* -> User1 > > > > Same question, for Row filtering as well, > > Ex- > > Policy1 -> testable -> *No-filter appplied (Row filtering)* -> User1 > > Policy2 -> testable -> *col1='A' (Row filtering) *-> User1 > > > > In the above cases which policy will be honored in both the case of Column > masking and Row filtering? > > If there is any document around it, could you please point to me that also. > > > > -- > > Thanks, > > Reetika Agrawal > -- Thanks, Reetika Agrawal
