You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Alexander Kolbasov (JIRA)" <ji...@apache.org> on 2018/01/25 19:15:00 UTC

[jira] [Commented] (SENTRY-1067) Exclude capability for privilege("DENY" privilege support)

    [ https://issues.apache.org/jira/browse/SENTRY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16339662#comment-16339662 ] 

Alexander Kolbasov commented on SENTRY-1067:
--------------------------------------------

[~dapengsun] Are you still working on this? It is marked as "in-progress"

> Exclude capability for privilege("DENY" privilege support)
> ----------------------------------------------------------
>
>                 Key: SENTRY-1067
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1067
>             Project: Sentry
>          Issue Type: New Feature
>            Reporter: Dapeng Sun
>            Assignee: Dapeng Sun
>            Priority: Major
>              Labels: roadmap
>         Attachments: Design Document of Sentry Exclude capability for privilege-20160302.pdf
>
>
> Currently Sentry can only grant privileges to object, in some cases, only some sensitive data need to be protected. Adding exclude capability can simplify the management of access control.
> For example, the table "employee" have many columns, the column likes "username", "contact" and other information can be queried by others,but the column "salary" can only be queried by specific user.
> With exclude capability, we can grant privilege of table "employee" to user and block the column "salary".



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)