You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Mudit Sharma (Jira)" <ji...@apache.org> on 2020/08/23 06:05:00 UTC
[jira] [Updated] (RANGER-2962) Ranger Row Level Filter (See only
data corresponding to user logged in without the need to create multiple
user entries in policy)
[ https://issues.apache.org/jira/browse/RANGER-2962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mudit Sharma updated RANGER-2962:
---------------------------------
Summary: Ranger Row Level Filter (See only data corresponding to user logged in without the need to create multiple user entries in policy) (was: Ranger Row Level Filter (See only data corresponding to user logged in wihtout the need to create multiple user entries in policy))
> Ranger Row Level Filter (See only data corresponding to user logged in without the need to create multiple user entries in policy)
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-2962
> URL: https://issues.apache.org/jira/browse/RANGER-2962
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Mudit Sharma
> Priority: Major
>
> We are using Apache Ranger as our Security pipeline. We found out that Ranger has a Row Level Filter option where we can limit the data visible to particular users. The issue we are facing is that, let's say there are some 100 or 1000 of users which we need to restrict to see only their own data in a particular hive table, we need to create 100 or 1000 entries in Ranger Row Level Policy, for ex: for each user A, we need to create a separate filter in policy saying user_name = "A". This sometimes hit the DB limit for a policy meta and we need to bifurcate the policy into 2-3 or many parts. Is there a way making use of \{USER} and user_name = \{USER}, we can restrict each user to see only its own data?
>
>
> Also, in Row Level Filter currently we allow only Select, I would like to check if we are looking forward for more such filter specific operations such as Insert or Alter
--
This message was sent by Atlassian Jira
(v8.3.4#803005)