Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-18069

Add a new UNMASK permission

    XMLWordPrintableJSON

Details

    Description

      Add a new UNMASK permission allowing users with that permission to see the data masked by the masking functions attached to columns introduced by CASSANDRA-18068, as defined by CEP-20.

      It would look like:

      > CREATE TABLE patients (
      id timeuuid PRIMARY KEY,
      name text MASKED WITH default(),
      birth date MASKED WITH default()
      );
 
> INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21');
 
> CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> CREATE USER privileged_user WITH PASSWORD 'zyx';
 
> GRANT SELECT ON TABLE patients TO unprivileged_user;
> GRANT SELECT ON TABLE patients TO privileged_user;
> GRANT UNMASK ON TABLE patients TO privileged_user;
 
> LOGIN unprivileged_user
 
> SELECT name, birth FROM patients WHERE id=db2b372f-f91b-4537-b46b-c478f8330c29;
 
 name    | birth
---------+------------
 alXXXXe | 1900-01-01 
             
> LOGIN privileged_user
> SELECT name, birth FROM patients WHERE id=db2b372f-f91b-4537-b46b-c478f8330c29;
 
 name  | birth
-------+------------
 alice | 1982-12-21

      Attachments

        Issue Links

          blocks

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-18070 Add a new SELECT_MASKED permission

          • Normal -
          • Resolved
          is blocked by

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-17941 CQL data masking functions

          • Normal -
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-18068 Allow to attach native masking functions to table columns

          • Normal -
          • Resolved

          Activity

            People

              adelapena Andres de la Peña
              adelapena Andres de la Peña
              Andres de la Peña
              Benjamin Lerer, Berenguer Blasi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 6h 40m
                  6h 40m