Ranger / RANGER-2962

Ranger Row Level Filter (See only data corresponding to user logged in without the need to create multiple user entries in policy)


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Information Provided
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Ranger
    • Labels: None

    Description

      We are using Apache Ranger as our security pipeline. We found out that Ranger has a Row Level Filter option where we can limit the data visible to particular users. The issue we are facing is that, let's say there are some 100 or 1000 users which we need to restrict to see only their own data in a particular Hive table, we need to create 100 or 1000 entries in the Ranger Row Level Policy; for example, for each user A, we need to create a separate filter in the policy saying user_name = "A". This sometimes hits the DB limit for a policy meta and we need to bifurcate the policy into 2-3 or many parts. Is there a way, making use of {USER} and user_name = {USER}, that we can restrict each user to see only their own data?

      Also, in Row Level Filter we currently allow only Select. I would like to check if we are looking forward to more such filter-specific operations, such as Insert or Alter.


          People

            Assignee: Unassigned
            Reporter: Mudit Sharma (mudit-97)
            Votes: 0
            Watchers: 3


              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0h
                Time Spent: 10m