Adding my thoughts here... Both Apache Sentry and Apache ranger would not offer you column level fine grained security. Perhaps, as suggested by one member, creating views is more meaningful
-- Thanks, Raunak Jhawar On Thu, Mar 26, 2015 at 8:53 PM, Alan Gates <[email protected]> wrote: > Column level permissions was added to Hive default authorization in > HIVE-5837. That is why the TBL_COL_PRIV tables exists in the metastore. > The problem with default auth is it isn't really secure, as anyone can > grant anybody (including themselves) any privilege. > > But Allen is correct that it doesn't work with the SQL Standard > Authorization added in Hive 0.14. The only method using SQL standard auth > out of the box is views. I believe using Apache Ranger (and maybe Apache > Sentry, I'm not sure) with SQL standard auth you can get column level > privileges. > > Alan. > > Nitin Pawar <[email protected]> > March 26, 2015 at 4:18 > Column level security in hive was added at HIVE-5837 > <https://issues.apache.org/jira/browse/HIVE-5837> > > It has the PDF link for your readings. > > https://cwiki.apache.org/confluence/display/Hive/AuthDev talks about > setting column level permissions > > > > > -- > Nitin Pawar > Allen <[email protected]> > March 26, 2015 at 4:09 > > Thanks for your replay. > > If we handle the privileges by creating views, it will lead to lots of > views in our database. > > I found there is a table named TBL_COL_PRIV in hive metastore database, > maybe this table is related to column privilege,but it is never used in > hive. Anybody knew why? > > > -------------------------------- > > > ----- 原始邮件 ----- > 发件 人:Daniel Haviv <[email protected]> > <[email protected]> > 收件 人:"[email protected]" <[email protected]> <[email protected]> > <[email protected]> > 主题:Re: how to set column level privileges > 日期:2015年03月26日 18点42分 > > Create a view with the permitted columns and handle the privileges for it > > Daniel > > On 26 במרץ 2015, at 12:40, Allen <[email protected]> wrote: > >
