You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Pengcheng Xiong (JIRA)" <ji...@apache.org> on 2016/07/06 17:33:11 UTC

[jira] [Commented] (HIVE-14157) deal with ACID operations (insert, update, delete)

    [ https://issues.apache.org/jira/browse/HIVE-14157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15364702#comment-15364702 ] 

Pengcheng Xiong commented on HIVE-14157:
----------------------------------------

IBM db2 row filtering and column masking: https://www.ibm.com/support/knowledgecenter/SSEPEK_11.0.0/com.ibm.db2z11.doc.seca/src/tpc/db2z_rules4rowcolaccessctrl.html
ccing [~hagleitn] and [~madhan.neethiraj]

> deal with ACID operations (insert, update, delete)
> --------------------------------------------------
>
>                 Key: HIVE-14157
>                 URL: https://issues.apache.org/jira/browse/HIVE-14157
>             Project: Hive
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Pengcheng Xiong
>            Assignee: Pengcheng Xiong
>             Fix For: 2.1.0
>
>         Attachments: DB2BP_Security_RCAC_0412.pdf
>
>
> INSERT statement
> When you issue an INSERT statement against a table for which row-level access control
> is activated, the rules specified in all the enabled row permissions defined on that table
> determine whether the row can be inserted. To be inserted, the row must conform to the
> enabled row permissions that are defined on the table. A conformant row is a row that, if
> inserted, can be retrieved back by using a SELECT statement by the same user. This
> behavior is identical to how an insert into a symmetric view works. In other words, you
> cannot insert a row that you cannot select. 
> UPDATE statement
> When you issue an UPDATE statement against a table for which row-level access control
> is activated, the rules specified in all the enabled row permissions that are defined on that
> table determine whether the row can be updated. Enabled row permissions are used as
> follows during UPDATE operations:
> 1. The enabled row permissions filter the set of rows to be updated. In other words,
> you cannot update rows that you cannot select.
> 2. The updated rows (if any) must conform to the enabled row permissions. A
> conformant updated row is a row that can be retrieved back using a SELECT
> statement by the same user. This is identical to how an update of a symmetric
> view works. In other words, you cannot update a row such that you can no
> longer select that row.
> DELETE statement
> When a DELETE statement is issued against a table for which row-level access control is
> activated, the rules specified in all the enabled row permissions that are defined on that
> table determine which rows can be deleted. The enabled row permissions filter the set of
> rows to be deleted. In other words, you cannot delete rows that you cannot select.
> MERGE statement
> A MERGE statement can be thought of as both an INSERT and an UPDATE operation.
> The processing of a MERGE follows the processing of INSERT and UPDATE.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)