[SENTRY-74] Add column-level privileges for Hive/Impala - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.5.0
Component/s: None
Labels:
None

Description

Currently the finest grain of privilege is at the table/view level. This leads to the unwieldy scenario where a different view has to be created for each combination of columns that need to be restricted. With column level privileges this would not be required.

In the policy file column privileges might potentially look like:

server=server1->db=default->table=employees->column=salary->action=select

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-74.patch
22/Aug/14 10:12
258 kB
Dapeng Sun
SENTRY-74.2.patch
27/Aug/14 04:59
263 kB
Dapeng Sun
SENTRY-74.007.patch
18/Nov/14 01:55
332 kB
Dapeng Sun
SENTRY-74.006.patch
11/Nov/14 15:47
332 kB
Dapeng Sun
SENTRY-74.005.patch
29/Oct/14 05:27
334 kB
Dapeng Sun
SENTRY-74.004.patch
16/Sep/14 13:16
292 kB
Dapeng Sun
SENTRY-74.003.patch
10/Sep/14 02:19
291 kB
Dapeng Sun
Design Document of Column-Level Access Control_v1.pdf
12/Aug/14 11:29
346 kB
Dapeng Sun

Issue Links

contains

SENTRY-389 Database implementation for column

Resolved

SENTRY-390 Extend Thrift API to support column-level privilege

Resolved

SENTRY-391 Extend sentrystore query for column level privilege

Resolved

SENTRY-392 Authorization for column level security

Resolved

SENTRY-393 Grant/Revoke and Show Grant info support for column level privilege

Resolved

SENTRY-394 PolicyFile and ConfigImport support for column level privilege

Resolved

SENTRY-426 Add upgrade scripts for column level privileges

Resolved

SENTRY-847 [column level privilege] if grant column level privilege to user, show columns in table shouldn't require extra table level privilege

Resolved

incorporates

SENTRY-754 Support column level privileges on views

Open

SENTRY-753 Add documentation for Column level authorization

Resolved

is blocked by

HIVE-7932 It may cause NP exception when add accessed columns to ReadEntity

Resolved

SENTRY-509 upgrade HIVE version to 0.13.1-cdh5.3.0-SNAPSHOT in SENTRY

Resolved

HIVE-7730 Extend ReadEntity to add accessed columns from query

Closed

is depended upon by

SENTRY-491 Column privilege should filter the unauthorized columns in metadata listing

Open

is related to

SENTRY-531 Add column authorization for metadata read protection

In Progress

relates to

SENTRY-389 Database implementation for column

Resolved

SENTRY-756 Blacklist columns instead of whitelist in column level privileges

Open

SENTRY-755 HDFS access of data files should be disabled for user with privileges only on some columns

Resolved

SENTRY-844 Add tests for cases: Column-level privileges are updated when table columns are dropped, changed or replaced (i.e., using an ALTER TABLE stmt)

Open

SENTRY-758 Add test cases for partition columns with column level privileges

Resolved

SENTRY-742 Add describe, show/compute stats tests for column level privileges

Resolved

links to

Review board

(3 contains, 2 incorporates, 3 is blocked by, 1 is depended upon by, 1 is related to, 6 relates to, 1 links to)

Sub-Tasks

1.	Add upgrade scripts for column level privileges	Resolved	Xiaomeng Huang
2.	Database implementation for column	Resolved	Xiaomeng Huang
3.	Extend sentrystore query for column level privilege	Resolved	Xiaomeng Huang
4.	Extend Thrift API to support column-level privilege	Resolved	Dapeng Sun
5.	Grant/Revoke and Show Grant info support for column level privilege	Resolved	Dapeng Sun
6.	Authorization for column level security	Resolved	Xiaomeng Huang
7.	PolicyFile and ConfigImport support for column level privilege	Resolved	Dapeng Sun

Activity

People

Assignee:: Dapeng Sun

Reporter:: Jeremy Beard

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 20/Dec/13 02:16

Updated:: 26/Aug/15 09:58

Resolved:: 18/Nov/14 08:54