[HIVE-26708] Column masking + time travel is not working on Iceberg tables - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Bulk Copy Attachments

Bulk Move Attachments

Add vote

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- iceberg

Description

Column masking + time travel is not working on Iceberg tables.

Repro:

create table col_masking (i int) stored by iceberg;

insert into col_masking values (1);
insert into col_masking values (2);
insert into col_masking values (3);

select * from col_masking for system_version as of <snapshot-id>;

The above time-travel query returns results for the given snapshot.

Now add a column masking rule in Ranger (e.g. Nullify column 'i').

Then execute the same time-travel query:

select * from col_masking for system_version as of <snapshot-id>;

Error while compiling statement: FAILED: SemanticException [Error 10004]: line 77:33 Invalid table alias or column reference 'col_masking': (possible column names are: i)

I think it's fair to say the engine doesn't support time travel + authorization rules due to security reasons, but the above error message is misleading.