Description
SCENARIO:
Table emp has 2 column families: personal_data (name, SSN, age); prof_data (role, manager)
Column emp/prof_data/role is tagged with the OFFICIAL tag.
Create the following policies:
A resource policy allows Read on all tables, all column-families and all columns, and a tag policy allows Read on the OFFICIAL tag to test_user.
When test_user executes the "scan 'emp'" command, two audit log records are created:
1. Resource: emp/personal_data
   Name / Type: column-family
   Allowed
   Policy allowing: Resource based policy
2. Resource: emp/prof_data
   Name / Type: column-family
   Allowed
   Policy allowing: TAG based policy for OFFICIAL tag
The prof_data column-family should be authorized by the resource policy.
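An audit-review check for the mismatch reported above, as an added example that is not part of the original report or the project's code: it flags audit records credited to a tag policy when the tag sits only on a descendant of the audited resource. The record fields, the `TAGS` map and the function names are constructed for illustration and are not the product's audit schema; the example also assumes a tag on a resource covers its descendants.

```python
# Added example: constructed data model, not the product's audit schema or API.

# Tag assignments from the scenario: only the column emp/prof_data/role is tagged.
TAGS = {"emp/prof_data/role": {"OFFICIAL"}}

# Constructed audit records mirroring the two entries in the report.
AUDITS = [
    {"resource": "emp/personal_data", "type": "column-family",
     "result": "Allowed", "policy_type": "resource", "tag": None},
    {"resource": "emp/prof_data", "type": "column-family",
     "result": "Allowed", "policy_type": "tag", "tag": "OFFICIAL"},
]


def tag_holders(resource, tag, tags):
    """Split resources carrying `tag` into (covering, below) relative to `resource`."""
    covering, below = [], []
    for tagged, names in tags.items():
        if tag not in names:
            continue
        # Assumption of this example: a tag on a resource also covers its descendants.
        if resource == tagged or resource.startswith(tagged + "/"):
            covering.append(tagged)   # tag is on the resource itself or an ancestor
        elif tagged.startswith(resource + "/"):
            below.append(tagged)      # tag is only on a child of the resource
    return covering, below


def misattributed(audits, tags):
    """Return audits credited to a tag policy whose tag is only on a descendant."""
    findings = []
    for rec in audits:
        if rec["policy_type"] != "tag":
            continue
        covering, below = tag_holders(rec["resource"], rec["tag"], tags)
        if not covering and below:
            findings.append((rec["resource"], rec["tag"], below))
    return findings


if __name__ == "__main__":
    for resource, tag, below in misattributed(AUDITS, TAGS):
        print(f"{resource}: credited to tag policy {tag}, but the tag is only on {below}")
```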