Abhay Kulkarni created RANGER-2521:
--------------------------------------
Summary: Masking policies not picked from the zone of the accessed
resource
Key: RANGER-2521
URL: https://issues.apache.org/jira/browse/RANGER-2521
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: master
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
Fix For: master
Setup:
Zone Production includes:
Services: cm_hive, cm_tag
Resources: Hive table retail_demo.customers in cm_hive
Tag-based masking policy (#43): EMAIL_PII, group=public, access=select,
maskType=nullify
Unzoned includes:
Tag-based masking policy (#44): EMAIL_PII, group=public, access=select,
maskType=hash
Column retail_demo.customers.customer_email is tagged with EMAIL_PII
When retail_demo.customers.customer_email is accessed, audit log indicates that
access is granted by policy from Production zone, but masking is done by policy
from unzoned(default) zone. Masking should be done by policy in the Production
zone too.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
