Posted to issues@spark.apache.org by "Mayoor Rao (JIRA)" <ji...@apache.org> on 2015/06/12 14:10:00 UTC
[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL
[ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mayoor Rao updated SPARK-8325:
------------------------------
Attachment: Jira_request_table_authorization.docx
More details are covered in the attached document
> Ability to provide role based row level authorization through Spark SQL
> -----------------------------------------------------------------------
>
> Key: SPARK-8325
> URL: https://issues.apache.org/jira/browse/SPARK-8325
> Project: Spark
> Issue Type: New Feature
> Components: SQL
> Affects Versions: 1.4.0
> Reporter: Mayoor Rao
> Fix For: 1.4.1
>
> Attachments: Jira_request_table_authorization.docx
>
>
> Using the Datasource API we can register a file as a table through Beeline. With the implementation of JIRA SPARK-8324, where we can register queries as views, the authorization requirement is not restricted to Hive tables; it could be Spark registered tables as well.
> The Thriftserver currently enables us to use the JDBC clients to fetch the data. Data authorization would be required for any enterprise usage.
> The following features are expected:
> 1. Role based authorization
> 2. Ability to define roles
> 3. Ability to add user to roles
> 4. Ability to define authorization at the row level
> The following JDBC commands would be required to manage authorization:
> ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
> ADD USER james WITH ROLES {"roles":["manager","seniorManager"]}; -- Create user
> GRANT ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- Grant access to the user on table
> AUTHORIZE ROLE USING {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["1"]}; -- authorize at the row level
> UPDATE ROLE AUTHORIZATION WITH {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["2%","3%"]}; -- update authorization
> REVOKE ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- revoke access
> DELETE USER james; -- delete user
> DROP ROLE manager; -- delete manager
> Advantages
> • Ability to restrict the data based on the logged-in user's role.
> • Data protection
> • The organization can control data access to prevent unauthorized usage or viewing of the data
> • The users who are using the BI tools can be restricted to the data they are authorized to see.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
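
Added example, not part of the original message and not Spark code: a small in-memory Python model of how the role and row-level rules proposed in the issue could be evaluated for one user. The class and method names, the SQL LIKE reading of values such as "2%", and the fail-closed default for a role with no row rule are assumptions; the issue text does not specify them.

```python
import json
import re

class RowAuthz:
    """Toy model of the proposed state (hypothetical names, not Spark code)."""
    def __init__(self):
        self.user_roles = {}    # user -> set of role names
        self.grants = {}        # table -> roles granted access
        self.row_rules = {}     # (role, table) -> (column, patterns)

    def add_user(self, user, payload):    # ADD USER ... WITH ROLES {...}
        self.user_roles[user] = set(json.loads(payload)["roles"])
    def grant(self, table, payload):      # GRANT ACCESS ON ... FOR {...}
        self.grants.setdefault(table, set()).update(json.loads(payload)["roles"])
    def revoke(self, table, payload):     # REVOKE ACCESS ON ... FOR {...}
        self.grants.get(table, set()).difference_update(json.loads(payload)["roles"])
    def authorize(self, payload):         # AUTHORIZE ROLE / UPDATE ROLE AUTHORIZATION
        r = json.loads(payload)           # a later rule replaces the earlier one
        self.row_rules[(r["role"], r["tableName"])] = (r["columnName"], r["columnValues"])

    @staticmethod
    def _like(pattern, value):
        # Assumption: values use SQL LIKE wildcards (% = any run, _ = one character).
        rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern)
        return re.fullmatch(rx, str(value), re.DOTALL) is not None

    def visible_rows(self, user, table, rows):
        # Only roles the user holds AND that were granted on the table count.
        roles = self.user_roles.get(user, set()) & self.grants.get(table, set())
        rules = [self.row_rules[(r, table)] for r in roles if (r, table) in self.row_rules]
        # Assumption: fail closed. No matching rule means no rows are returned.
        return [row for row in rows
                if any(col in row and any(self._like(p, row[col]) for p in pats)
                       for col, pats in rules)]

# Constructed sample rows for the EMPLOYEE table named in the request.
EMPLOYEE = [{"Employee_id": i} for i in ("1", "20", "31", "4")]

def demo():
    az, ids = RowAuthz(), lambda rows: [r["Employee_id"] for r in rows]
    rule = lambda vals: json.dumps({"role": "manager", "tableName": "EMPLOYEE",
                                    "columnName": "Employee_id", "columnValues": vals})
    az.add_user("james", '{"roles":["manager","seniorManager"]}')
    az.grant("EMPLOYEE", '{"roles":["manager"]}')
    az.authorize(rule(["1"]))
    before = ids(az.visible_rows("james", "EMPLOYEE", EMPLOYEE))
    az.authorize(rule(["2%", "3%"]))
    after = ids(az.visible_rows("james", "EMPLOYEE", EMPLOYEE))
    az.revoke("EMPLOYEE", '{"roles":["manager"]}')
    return before, after, ids(az.visible_rows("james", "EMPLOYEE", EMPLOYEE))
```

demo() returns the Employee_id values james can see after the initial rule, after the updated rule, and after access is revoked.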