[
https://issues.apache.org/jira/browse/RANGER-4793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848009#comment-17848009
]
Madhan Neethiraj commented on RANGER-4793:
------------------------------------------
[~zhongwei11] - wildcard is currently not enabled for masking and row-filter
policies to reduce the chances of setting up incompatible policies. For example:
- mask type HASH is only applicable for columns having string values. With use
of wildcard, it is easily possible for this mask type to be setup for columns
having other datatypes. Similarly for other mask types that are valid only for
specific datatypes
- row-filter expressions typically refer to columns in the table on which the
filter is applied. With use of wildcard, it is easily possible to setup a
filter on a table that doesn't include the referenced column
Over the years, there have been many asks to enable wildcards for masking and
row-filter policies - to reduce number of policies hence making it easier to
manage. This certainly requires the policy author to setup policies to avoid
incompatible masking and filtering.
{colType\} macro introduced in RANGER-4650
([https://reviews.apache.org/r/74834/]) can help setup datatype specific mask
type.
Perhaps introducing a new policy condition like COLUMNS_EXIST('state') can help
with row-filter as well. This should be explored further.
About the changes in this patch, in addition to supporting wildcards, it will
help to enable multiple columns/tables to be listed in policies. I suggest to
remove attributes other than "name" in #353 - #378 and #443 - #462 - as shown
below, which would result in values defined earlier for these resources to be
used in dataMaskDef and rowFilterDef:
{noformat}
"dataMaskDef": {
...
"resources": [
{ "name": "database" },
{ "name": "table" },
{ "name": "column" }
],
},
"rowFilterDef": {
...
"resources": [
{ "name": "database" },
{ "name": "table" }
]
}
{noformat}
> Make HADOOPSQL Masking and Row Level Filter policies support wildcards by
> default
> ---------------------------------------------------------------------------------
>
> Key: RANGER-4793
> URL: https://issues.apache.org/jira/browse/RANGER-4793
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 2.2.0, 2.3.0, 2.4.0
> Reporter: wangzhongwei
> Assignee: wangzhongwei
> Priority: Major
> Attachments: RANGER-4793.patch
>
>
> Now ,in Access Policies ,input of database,table,and column support
> wildcards,while Masking and Row Level Filter do not work when using
> wildcards.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
