You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@doris.apache.org by stalary <st...@163.com> on 2022/04/25 14:47:01 UTC
[Discuss][DSIP] Add Row Policy support
Dear All,
I’d like to add row policy support to Doris, column policy will also be supported in the future.
Sometimes we need permission control not only at the table level, but also at the row level, column level. At present, many users need to parse SQL and rewrite sql on out of doris or use thirdparty tools do it. which increases the use cost and causes performance loss.
The associated issue:https://github.com/apache/incubator-doris/issues/7540
There will be 2 stages:
1. Design a new set of Policy syntax
a) create policy
b) drop policy
c) show policy
d) parse expr
2. Match and rewrite sql
a) Matches policies through db + table + user
b) If multiple policies exist, merge the conditions based on the filter type, such as PERMISSIVE | RESTRICTIVE
c) Rewrite tableRef as InlineViewRef
And my account on wiki is: stalary, email is stalary@163.com
—
Best regards
Stalary
Re:[Discuss][DSIP] Add Row Policy support
Posted by 陈明雨 <mo...@163.com>.
Nice work!
I created DSIP-009[1] for it. You can write more details in it.
And this issue[2] is most in Chinese, I think we should translate it into English in DSIP.
Besides the user interface, I would like to know more about how to implement it.
[1] https://cwiki.apache.org/confluence/display/DORIS/DSIP+009%3A+Support+Row+Policy
[2] https://github.com/apache/incubator-doris/issues/7540
--
此致!Best Regards
陈明雨 Mingyu Chen
Email:
chenmingyu@apache.org
At 2022-04-25 22:47:01, "stalary" <st...@163.com> wrote:
>
>
>Dear All,
>
>
>I’d like to add row policy support to Doris, column policy will also be supported in the future.
>
>
>Sometimes we need permission control not only at the table level, but also at the row level, column level. At present, many users need to parse SQL and rewrite sql on out of doris or use thirdparty tools do it. which increases the use cost and causes performance loss.
>
>
>The associated issue:https://github.com/apache/incubator-doris/issues/7540
>
>
>There will be 2 stages:
>1. Design a new set of Policy syntax
> a) create policy
> b) drop policy
> c) show policy
> d) parse expr
>2. Match and rewrite sql
> a) Matches policies through db + table + user
> b) If multiple policies exist, merge the conditions based on the filter type, such as PERMISSIVE | RESTRICTIVE
> c) Rewrite tableRef as InlineViewRef
>
>
>And my account on wiki is: stalary, email is stalary@163.com
>
>
>—
>Best regards
>Stalary
Re: [Discuss][DSIP] Add Row Policy support
Posted by 41108453 <41...@qq.com.INVALID>.
Nice work
This is also a function that many community users want
------------------ Original ------------------
From: stalary <stalary@163.com>
Date: Mon,Apr 25,2022 10:47 PM
To: dev@doris.apache.org <dev@doris.apache.org>
Subject: Re: [Discuss][DSIP] Add Row Policy support
Dear All,
I’d like to add row policy support to Doris, column policy will also be supported in the future.
Sometimes we need permission control not only at the table level, but also at the row level, column level. At present, many users need to parse SQL and rewrite sql on out of doris or use thirdparty tools do it. which increases the use cost and causes performance loss.
The associated issue:https://github.com/apache/incubator-doris/issues/7540
There will be 2 stages:
1. Design a new set of Policy syntax
a) create policy
b) drop policy
c) show policy
d) parse expr
2. Match and rewrite sql
a) Matches policies through db + table + user
b) If multiple policies exist, merge the conditions based on the filter type, such as PERMISSIVE | RESTRICTIVE
c) Rewrite tableRef as InlineViewRef
And my account on wiki is: stalary, email is stalary@163.com
—
Best regards
Stalary