You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Andres de la Peña (Jira)" <ji...@apache.org> on 2022/11/23 12:50:00 UTC
[jira] [Created] (CASSANDRA-18070) Add a new SELECT_MASKED permission
Andres de la Peña created CASSANDRA-18070:
---------------------------------------------
Summary: Add a new SELECT_MASKED permission
Key: CASSANDRA-18070
URL: https://issues.apache.org/jira/browse/CASSANDRA-18070
Project: Cassandra
Issue Type: New Feature
Components: Feature/Dynamic Data Masking
Reporter: Andres de la Peña
Add a table-level SELECT_MASKED permission allowing certain users to query but not see the unmasked columns introduced by CASSANDRA-18068, assuming that they also have the SELECT permission on the table, as defined by [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
It would look like:
{code}
> CREATE USER unprivileged_user WITH PASSWORD 'xyz';
> CREATE USER privileged_user WITH PASSWORD 'zyx';
> GRANT SELECT ON ALL TABLE patients TO unprivileged_user;
> GRANT SELECT ON ALL TABLE patients TO privileged_user;
> GRANT SELECT_MASKED ON ALL TABLE patients TO privileged_user;
> LOGIN unprivileged_user
> SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
Unauthorized: Error from server: code=2100 [Unauthorized] message="User has no UNMASK nor SELECT_UNMASK permission on <table k.patients>"
> LOGIN privileged_user
> SELECT name, birth FROM patients WHERE name='alice' ALLOW FILTERING;
name | birth
---------+------------
alXXXXe | 1900-01-01
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org