[
https://issues.apache.org/jira/browse/RANGER-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15634970#comment-15634970
]
Don Bosco Durai commented on RANGER-1195:
-----------------------------------------
[~Jaraxal], this is good input. I feel, we should filter out columns within the
table for which the user has permission. We do that for "show tables". We need
to check whether the Hive API provides us that hook.
Regarding "select *" expanding to individual columns for the which the user has
permission might be tricky. Ranger doesn't parse the query itself, but uses the
parsed query from Hive. So it might not have ability to change the query
upfront.
I feel, even if we can get describe working, then it will be great.
> Ranger should allow for "select *" and "describe" on tables where user access
> is limited to a subset of columns.
> ----------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1195
> URL: https://issues.apache.org/jira/browse/RANGER-1195
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 0.5.1, 0.5.2, 0.6.0, 0.5.3, 0.6.1
> Reporter: Michael Young
> Fix For: 0.7.0
>
>
> If you create a Hive policy in Ranger which allows only a subset of columns
> in a table, users are unable to "select * from tablename" or "describe
> tablename". The user must know in advance to which columns they are allowed
> access, but they can't use "describe" to see a list of columns they are
> allowed.
> When doing either select or describe in Hive, Ranger should dynamically
> filter the columns the user is not allowed to see.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
