[
https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469254#comment-16469254
]
Alexander Kolbasov commented on SENTRY-2140:
--------------------------------------------
This sounds reasonable. Another way to do it is to have top-level ABAC JIRA and
have various sub-jiras below it (e.g. column masking, etc). The drawback of
that approach is that you can only have subtasks, not sub-jiras so now you
can't have a subtask of a subtask which is inconvenient.
What may be really confusing if we close ABAC jira and it turns out that there
is a lot to be done still.
> Attribute based access control
> ------------------------------
>
> Key: SENTRY-2140
> URL: https://issues.apache.org/jira/browse/SENTRY-2140
> Project: Sentry
> Issue Type: New Feature
> Components: Core
> Reporter: Steve Moist
> Priority: Major
> Labels: ABAC
> Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf
>
>
> As a user, I want to have finer grain control over which users/roles can view
> data in Hive. Some information such as Social Security Number is considered
> very confidential information. I want to be able to tag columns in Hive with
> "attributes" that prevent users/roles from not accessing or seeing the data.
> For users/roles that have that attribute, they should be able to see that
> information.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
