[ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Wendell updated SPARK-8325:
-----------------------------------
    Fix Version/s:     (was: 1.4.1)

> Ability to provide role based row level authorization through Spark SQL
> -----------------------------------------------------------------------
>
>                 Key: SPARK-8325
>                 URL: https://issues.apache.org/jira/browse/SPARK-8325
>             Project: Spark
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 1.4.0
>            Reporter: Mayoor Rao
>         Attachments: Jira_request_table_authorization.docx
>
>
> Using Datasource API we can register a file as a table through Beeline.
> With the implementation of jira - SPARK-8324 where we can register queries as
> views, the authorization requirement is not restricted to hive tables, it
> could be Spark registered tables as well.
> The Thriftserver currently enables us to use the JDBC clients to fetch the
> data. Data authorization would be required for any enterprise usage.
> Following features are expected –
> 1. Role based authorization
> 2. Ability to define roles
> 3. Ability to add user to roles
> 4. Ability to define authorization at the row level
> Following JDBC commands would be required to manage authorization –
> ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
> ADD USER james WITH ROLES {"roles":["manager","seniorManager"]}; -- Create user
> GRANT ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- Grant access to the user on table
> AUTHORIZE ROLE USING {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["1"]}; -- authorize at the row level
> UPDATE ROLE AUTHORIZATION WITH {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["2%","3%"]}; -- update authorization
> REVOKE ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- revoke access
> DELETE USER james; -- delete user
> DROP ROLE manager; -- delete manager
> Advantage
> • Ability to restrict the data based on the logged in user role.
> • Data protection
> • The organization can control data access to prevent unauthorized usage
> or viewing of the data
> • The users who are using the BI tools can be restricted to the data they
> are authorized to see.
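
The row-level rules proposed above, sketched as an added example (not part of the JIRA issue and not Spark code): it turns AUTHORIZE ROLE-style JSON records into a parameterized row filter and applies it to an in-memory SQLite table. The policy store, the user and grant maps, reading "%" as a SQL LIKE wildcard, and returning no rows when no rule matches are all assumptions.

```python
import json
import sqlite3

# Constructed policy records, shaped like the JSON payloads in the proposal.
POLICIES = [json.loads(p) for p in (
    '{"role":"manager","tableName":"EMPLOYEE","columnName":"Employee_id","columnValues":["2%","3%"]}',
    '{"role":"auditor","tableName":"EMPLOYEE","columnName":"Employee_id","columnValues":["1"]}',
)]
USER_ROLES = {"james": ["manager", "seniorManager"], "guest": []}  # constructed
GRANTS = {"EMPLOYEE": {"manager", "auditor"}}    # roles granted table access (constructed)
SCHEMA = {"EMPLOYEE": {"Employee_id", "name"}}   # identifier allowlist (constructed)


def row_filter(user, table):
    """Return (predicate, params) limiting `table` to rows `user` may read."""
    if table not in SCHEMA:
        raise ValueError("unknown table")
    roles = set(USER_ROLES.get(user, [])) & GRANTS.get(table, set())
    clauses, params = [], []
    for policy in POLICIES:
        if policy["role"] not in roles or policy["tableName"] != table:
            continue
        col = policy["columnName"]
        if col not in SCHEMA[table]:  # identifiers cannot be bound, so allowlist them
            raise ValueError("unknown column")
        for value in policy["columnValues"]:
            clauses.append(f'"{col}" LIKE ?')  # values are bound, never spliced into SQL
            params.append(value)
    # Assumption: a user with no matching rule sees nothing (deny by default).
    predicate = "(" + " OR ".join(clauses) + ")" if clauses else "0 = 1"
    return predicate, params


def visible_rows(conn, user, table):
    predicate, params = row_filter(user, table)
    sql = f'SELECT Employee_id, name FROM "{table}" WHERE {predicate} ORDER BY Employee_id'
    return conn.execute(sql, params).fetchall()


def demo_db():
    """Constructed sample table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EMPLOYEE (Employee_id TEXT, name TEXT)")
    conn.executemany("INSERT INTO EMPLOYEE VALUES (?, ?)",
                     [("1", "ann"), ("20", "bob"), ("31", "cy"), ("45", "di")])
    return conn


if __name__ == "__main__":
    print(visible_rows(demo_db(), "james", "EMPLOYEE"))
```

The filter has to be applied on the server side (here, inside `visible_rows`), so a JDBC or BI client cannot issue a query that bypasses it.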