Posted to issues@sentry.apache.org by "Alexander Kolbasov (JIRA)" <ji...@apache.org> on 2018/03/06 05:49:00 UTC

[jira] [Commented] (SENTRY-2140) Attribute based access control

    [ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16387327#comment-16387327 ] 

Alexander Kolbasov commented on SENTRY-2140:
--------------------------------------------

[~moist], thank you for the proposal. The example part is great; it helps to understand where you are coming from.

It would be good to add a bit more technical substance there. In particular:

1) A more formal definition of tags and their interaction with the Hive privilege model
2) Some discussion of how it all applies (or doesn't apply) to the generic privilege model
3) Proposed changes to the Sentry Thrift API (after all, the CLI examples that you mention just speak Sentrish)
4) Proposed changes to the Hive privilege model

> Attribute based access control
> ------------------------------
>
>                 Key: SENTRY-2140
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2140
>             Project: Sentry
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Steve Moist
>            Priority: Major
>         Attachments: Sentry ABAC Proposal.pdf
>
>
> As a user, I want to have finer-grained control over which users/roles can view data in Hive.  Some information such as Social Security Number is considered very confidential information.  I want to be able to tag columns in Hive with "attributes" that prevent users/roles from not accessing or seeing the data.  For users/roles that have that attribute, they should be able to see that information.


