You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Dapeng Sun (JIRA)" <ji...@apache.org> on 2016/03/02 06:39:18 UTC

[jira] [Commented] (SENTRY-1067) Exclude capability for privilege("DENY" privilege support)

    [ https://issues.apache.org/jira/browse/SENTRY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175074#comment-15175074 ] 

Dapeng Sun commented on SENTRY-1067:
------------------------------------

Hi [~hahao], it designed for HIVE currently.

> Exclude capability for privilege("DENY" privilege support)
> ----------------------------------------------------------
>
>                 Key: SENTRY-1067
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1067
>             Project: Sentry
>          Issue Type: New Feature
>            Reporter: Dapeng Sun
>            Assignee: Dapeng Sun
>              Labels: roadmap
>         Attachments: Design Document of Sentry Exclude capability for privilege-20160302.pdf
>
>
> Currently Sentry can only grant privileges to object, in some cases, only some sensitive data need to be protected. Adding exclude capability can simplify the management of access control.
> For example, the table "employee" have many columns, the column likes "username", "contact" and other information can be queried by others,but the column "salary" can only be queried by specific user.
> With exclude capability, we can grant privilege of table "employee" to user and block the column "salary".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)