Steve Moist commented on SENTRY-2140:

This is just Sentry for now, I'd imagine we'd want this functionality in impala 
later and I'm not sure of the scope for it now.


As for the syntax, since these tags are not related to Hive and are sourced 
from some outside source, I'd imagine that either an api or cli to add tags to 
Hive information in Sentry.  We most certainly would need a new data model to 
properly store these new attribute privileges.  I'm currently unsure if this 
requires user-level privileges.  Right now, I'm focusing on just tagging Hive 
columns, but I don't see why it could be expanded to tables or databases.

> Tag based access control
> ------------------------
>                 Key: SENTRY-2140
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2140
>             Project: Sentry
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Steve Moist
>            Priority: Major
> As a user, I want to have finer grain control over which users/roles can view 
> data in Hive.  Some information such as Social Security Number is considered 
> very confidential information.  I want to be able to tag columns in Hive with 
> "tags" that prevent users/roles from not accessing or seeing the data.  For 
> users/roles that have that tag, they should be able to see that information.

This message was sent by Atlassian JIRA

Reply via email to