[
https://issues.apache.org/jira/browse/RANGER-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15648444#comment-15648444
]
Ramesh Mani commented on RANGER-1195:
-------------------------------------
[~bosco][~Jaraxal] Ok, I see that filtering and showing the columns based on
the policy to access would be good to avoid confusion and I see that we have an
opportunity to have one more level of control than a traditional Database where
to restrict access to columns, we need to create a view on the tables with
selected columns and give "select" permission to the user. Here "select",
"describe <table>, show columns from|in <table> from|in <database> has to get
the necessary filter hook from Hive.
Hi [~thejas], What it would take HIVE to provide RANGER the necessary hook for
filtering out columns using HiveAuthorizer.filterListCmdObjects() for these
commands? Appreciate your input here.
> Ranger should allow for "select *" and "describe" on tables where user access
> is limited to a subset of columns.
> ----------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1195
> URL: https://issues.apache.org/jira/browse/RANGER-1195
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 0.5.1, 0.5.2, 0.6.0, 0.5.3, 0.6.1
> Reporter: Michael Young
> Fix For: 0.7.0
>
>
> If you create a Hive policy in Ranger which allows only a subset of columns
> in a table, users are unable to "select * from tablename" or "describe
> tablename". The user must know in advance to which columns they are allowed
> access, but they can't use "describe" to see a list of columns they are
> allowed.
> When doing either select or describe in Hive, Ranger should dynamically
> filter the columns the user is not allowed to see.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
