[
https://issues.apache.org/jira/browse/CASSANDRA-18070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Berenguer Blasi updated CASSANDRA-18070:
----------------------------------------
Reviewers: Berenguer Blasi
> Add a new SELECT_MASKED permission
> ----------------------------------
>
> Key: CASSANDRA-18070
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18070
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
> Reporter: Andres de la Peña
> Assignee: Andres de la Peña
> Priority: Normal
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Add a table-level SELECT_MASKED permission allowing certain users to query
> but not see the unmasked columns introduced by CASSANDRA-18068, assuming that
> they also have the SELECT permission on the table, as defined by
> [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
>
> It would look like:
> {code}
> > CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> > CREATE USER privileged_user WITH PASSWORD 'zyx';
>
> > GRANT SELECT ON ALL TABLE patients TO unprivileged_user;
> > GRANT SELECT ON ALL TABLE patients TO privileged_user;
> > GRANT SELECT_MASKED ON ALL TABLE patients TO privileged_user;
>
> > LOGIN unprivileged_user
> > SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
>
> Unauthorized: Error from server: code=2100 [Unauthorized] message="User has
> no UNMASK nor SELECT_UNMASK permission on <table k.patients>"
>
> > LOGIN privileged_user
> > SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
>
> name | birth
> ---------+------------
> alXXXXe | 1900-01-01
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
