[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16370288#comment-16370288 ]

Steve Moist commented on SENTRY-2140:

[~spena] there is no difference. We were using the term tag for a while, but it's better to lump it under ABAC.

> Tag based access control
>
> Key: SENTRY-2140
> URL: https://issues.apache.org/jira/browse/SENTRY-2140
> Project: Sentry
> Issue Type: New Feature
> Components: Core
> Reporter: Steve Moist
> Priority: Major
>
> As a user, I want to have finer grain control over which users/roles can view
> data in Hive. Some information such as Social Security Number is considered
> very confidential information. I want to be able to tag columns in Hive with
> "tags" that prevent users/roles from not accessing or seeing the data. For
> users/roles that have that tag, they should be able to see that information.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16367758#comment-16367758 ]

Sergio Peña commented on SENTRY-2140:

Btw, what is the difference between ABAC and TBAC?
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16367757#comment-16367757 ]

Sergio Peña commented on SENTRY-2140:

That's ABAC added in our wishlist. There are no plans nor documents around it, though.
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16366217#comment-16366217 ]

Steve Moist commented on SENTRY-2140:

This ticket looks similar: https://issues.apache.org/jira/browse/SENTRY-1140. Are any of those parent tasks planned out?
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16365964#comment-16365964 ]

Steve Moist commented on SENTRY-2140:

Yes, I will be working on a proposal for next week.
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16363430#comment-16363430 ]

Alexander Kolbasov commented on SENTRY-2140:

It would be nice to see a more detailed description of the proposal once you have it worked out.
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16363197#comment-16363197 ]

Sergio Peña commented on SENTRY-2140:

Are these tags linked to a specific privilege? Are roles tied to tags, or are tags just a different identity linked to privileges?
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350956#comment-16350956 ]

Steve Moist commented on SENTRY-2140:

This is just Sentry for now, I'd imagine we'd want this functionality in Impala later and I'm not sure of the scope for it now. As for the syntax, since these tags are not related to Hive and are sourced from some outside source, I'd imagine that either an API or CLI to add tags to Hive information in Sentry. We most certainly would need a new data model to properly store these new attribute privileges. I'm currently unsure if this requires user-level privileges. Right now, I'm focusing on just tagging Hive columns, but I don't see why it could be expanded to tables or databases.
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350882#comment-16350882 ]

Alexander Kolbasov commented on SENTRY-2140:

Is it a Sentry request or Hive request or both? Do you propose to tag columns using some kind of new Hive syntax or something else? What are these tags and how do they relate to privileges? Does this require some kind of user-level privileges? What objects do you want to tag - just columns or something else?