[jira] [Commented] (RANGER-2754) Update presto dependency and implement row/column level security

Mon, 20 Apr 2020 07:40:36 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17087794#comment-17087794
 ] 

Palash Das commented on RANGER-2754:
------------------------------------

{color:#ff0000}Two more problems detected{color} : 
h3. 1. Default mask expressions are missing type casting : 

At *ranger-servicedef-presto.json*, we can find the masking expression for 
_MASK_SHOW_LAST_4_ as  
{code:sql}
regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || 
x[2])
{code}
Which eventually breaks if the field type is varchar(255 [or any size]). 
 As per presto
 
[https://github.com/prestosql/presto/blob/1b55b866f344b59404c77dd1da0bd3b31fed5f3f/presto-main/src/main/java/io/prestosql/sql/analyzer/StatementAnalyzer.java#L2501]

It throws error like : Expected column mask for '......' to be of type 
varchar(255), but was varchar

A quick workaround could be `*CAST( regexp_replace(\{col}, '(.*)(.\{4}$)', x -> 
regexp_replace(x[1], '.', 'X') || x[2]) as varchar(255))*` , but the actual 
field type varchar(255) must be detected programmatically.
h3. 2. Resources do not match with wildcards, e.g. ( * ), this is happening 
because CaseInsensitiveStringMatcher is used to match string values with 
wildcards.
{code:java}
//RangerDefaultResourceMatcher.java ...
resourceMatcher.isMatch(strValue, evalContext)
{code}
*CaseInsensitiveWildcardMatcher* is the correct one to use here...

> Update presto dependency and implement row/column level security
> ----------------------------------------------------------------
>
>                 Key: RANGER-2754
>                 URL: https://issues.apache.org/jira/browse/RANGER-2754
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>    Affects Versions: master
>            Reporter: Bolke de Bruin
>            Assignee: Bolke de Bruin
>            Priority: Major
>         Attachments: 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> RANGER-2754-v2.patch, RANGER-2754.patch
>
>
> 1. PrestoSql has changed its Security API hence the Ranger plugin has stopped 
> working for versions > ~321. 
> 2. Presto master now has row/column level security support



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to