[RANGER-2521] Masking policies not picked from the zone of the accessed resource - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: master
Fix Version/s: master
Component/s: Ranger
Labels:
None

Description

Setup:

Zone Production includes:

Services: cm_hive, cm_tag

Resources: Hive table retail_demo.customers in cm_hive

Tag-based masking policy (#43): EMAIL_PII, group=public, access=select, maskType=nullify

Unzoned includes:

Tag-based masking policy (#44): EMAIL_PII, group=public, access=select, maskType=hash

Column retail_demo.customers.customer_email is tagged with EMAIL_PII

When retail_demo.customers.customer_email is accessed, audit log indicates that access is granted by policy from Production zone, but masking is done by policy from unzoned(default) zone. Masking should be done by policy in the Production zone too.

Attachments

Activity

People

Assignee:: Abhay Kulkarni

Reporter:: Abhay Kulkarni

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 28/Jul/19 22:58

Updated:: 29/Jul/19 06:12

Resolved:: 29/Jul/19 06:12