Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Description
Column masking + time travel is not working on Iceberg tables.
Repro:
create table col_masking (i int) stored by iceberg;
insert into col_masking values (1);
insert into col_masking values (2);
insert into col_masking values (3);
select * from col_masking for system_version as of <snapshot-id>;
The above time-travel query returns results for the given snapshot.
Now add a column masking rule in Ranger (e.g. Nullify column 'i').
Then execute the same time-travel query:
select * from col_masking for system_version as of <snapshot-id>;
Error while compiling statement: FAILED: SemanticException [Error 10004]: line 77:33 Invalid table alias or column reference 'col_masking': (possible column names are: i)
I think it's fair to say the engine doesn't support time travel + authorization rules due to security reasons, but the above error message is misleading.