[ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Wendell updated SPARK-8325:
-----------------------------------
    Fix Version/s:     (was: 1.4.1)

> Ability to provide role based row level authorization through Spark SQL
> -----------------------------------------------------------------------
>
>                 Key: SPARK-8325
>                 URL: https://issues.apache.org/jira/browse/SPARK-8325
>             Project: Spark
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 1.4.0
>            Reporter: Mayoor Rao
>         Attachments: Jira_request_table_authorization.docx
>
>
> Using the Datasource API we can register a file as a table through Beeline.
> With the implementation of jira - SPARK-8324 where we can register queries as
> views, the authorization requirement is not restricted to Hive tables; it
> could be Spark registered tables as well.
> The Thriftserver currently enables us to use the JDBC clients to fetch the
> data. Data authorization would be required for any enterprise usage.
> The following features are expected –
> 1.    Role based authorization
> 2.    Ability to define roles
> 3.    Ability to add user to roles
> 4.    Ability to define authorization at the row level
> The following JDBC commands would be required to manage authorization –
> ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
> ADD USER james WITH ROLES {"roles":["manager","seniorManager"]}; -- Create user
> GRANT ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- Grant access to the user on table
> AUTHORIZE ROLE USING {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["1"]}; -- authorize at the row level
> UPDATE ROLE AUTHORIZATION WITH {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["2%","3%"]}; -- update authorization
> REVOKE ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- revoke access
> DELETE USER james; -- delete user
> DROP ROLE manager; -- delete manager
> Advantage
> •     Ability to restrict the data based on the logged in user role.
> •     Data protection
> •     The organization can control data access to prevent unauthorized usage 
> or viewing of the data
> •     The users who are using the BI tools can be restricted to the data they 
> are authorized to see.
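
Added example, not part of the issue or of Spark's code: a small Python model of how the JSON payloads in the proposed AUTHORIZE / UPDATE ROLE AUTHORIZATION commands could be evaluated as a row filter. It assumes that `columnValues` entries are SQL LIKE patterns (suggested by "2%"), that a user with several roles sees the union of their rows, and that a missing rule means no access; the rule set, user table and rows are constructed sample data.

```python
import json
import re

# Constructed payloads in the JSON shape shown in the proposed AUTHORIZE commands.
RULES = [
    '{"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id",'
    ' "columnValues": ["2%","3%"]}',
    '{"role":"seniorManager", "tableName":"EMPLOYEE", "columnName":"Employee_id",'
    ' "columnValues": ["1"]}',
]
# Constructed user-to-role mapping, as ADD USER ... WITH ROLES would define it.
USER_ROLES = {"james": ["manager", "seniorManager"], "anna": ["analyst"]}

def like_to_regex(pattern):
    """Translate a SQL LIKE pattern (% and _) into a regex (assumed semantics)."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def build_policy(rule_payloads):
    """Index rules as {(role, TABLE): [(column, [compiled patterns])]}."""
    policy = {}
    for payload in rule_payloads:
        rule = json.loads(payload)
        key = (rule["role"], rule["tableName"].upper())
        patterns = [like_to_regex(v) for v in rule["columnValues"]]
        policy.setdefault(key, []).append((rule["columnName"], patterns))
    return policy

def row_allowed(row, rules):
    """True if any rule's pattern fully matches the row's value in that column."""
    return any(col in row and p.fullmatch(str(row[col]))
               for col, patterns in rules for p in patterns)

def visible_rows(user, table, rows, policy, user_roles=USER_ROLES):
    """Rows the user may see; unknown user, role or table yields no rows."""
    roles = user_roles.get(user, [])
    return [row for row in rows
            if any(row_allowed(row, policy.get((role, table.upper()), []))
                   for role in roles)]

# Constructed EMPLOYEE rows.
EMPLOYEE = [{"Employee_id": i, "name": n}
            for i, n in [("1", "Ava"), ("20", "Ben"), ("31", "Cy"), ("45", "Di")]]
POLICY = build_policy(RULES)
```

Because the filter fails closed, a user whose roles have no rule on a table (here `anna`) gets an empty result rather than the full table.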


