[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469254#comment-16469254 ]
Alexander Kolbasov commented on SENTRY-2140: -------------------------------------------- This sounds reasonable. Another way to do it is to have top-level ABAC JIRA and have various sub-jiras below it (e.g. column masking, etc). The drawback of that approach is that you can only have subtasks, not sub-jiras so now you can't have a subtask of a subtask which is inconvenient. What may be really confusing if we close ABAC jira and it turns out that there is a lot to be done still. > Attribute based access control > ------------------------------ > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core > Reporter: Steve Moist > Priority: Major > Labels: ABAC > Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf > > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "attributes" that prevent users/roles from not accessing or seeing the data. > For users/roles that have that attribute, they should be able to see that > information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)