Posted to issues@spark.apache.org by "Mayoor Rao (JIRA)" <ji...@apache.org> on 2015/06/12 14:10:00 UTC

[jira] [Updated] (SPARK-8325) Ability to provide role based row level authorization through Spark SQL

     [ https://issues.apache.org/jira/browse/SPARK-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mayoor Rao updated SPARK-8325:
------------------------------
    Attachment: Jira_request_table_authorization.docx

More details are covered in the attached document.

> Ability to provide role based row level authorization through Spark SQL
> -----------------------------------------------------------------------
>
>                 Key: SPARK-8325
>                 URL: https://issues.apache.org/jira/browse/SPARK-8325
>             Project: Spark
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 1.4.0
>            Reporter: Mayoor Rao
>             Fix For: 1.4.1
>
>         Attachments: Jira_request_table_authorization.docx
>
>
> Using the Datasource API we can register a file as a table through Beeline. With the implementation of JIRA SPARK-8324, where we can register queries as views, the authorization requirement is not restricted to Hive tables; it could be Spark registered tables as well.
> The Thriftserver currently enables us to use the JDBC clients to fetch the data. Data authorization would be required for any enterprise usage.
> Following features are expected – 
> 1.	Role based authorization
> 2.	Ability to define roles
> 3.	Ability to add user to roles
> 4.	Ability to define authorization at the row level
> Following JDBC commands would be required to manage authorization – 
> ADD ROLE manager WITH DESCRIPTION ProjectManager; -- Create role
> ADD USER james WITH ROLES {"roles":["manager","seniorManager"]}; -- Create user
> GRANT ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- Grant access to the user on table
> AUTHORIZE ROLE USING {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["1"]};  -- authorize at the row level
> UPDATE ROLE AUTHORIZATION WITH {"role":"manager", "tableName":"EMPLOYEE", "columnName":"Employee_id", "columnValues": ["2%","3%"]}; -- update authorization 
> REVOKE ACCESS ON EMPLOYEE FOR {"roles":["manager"]}; -- revoke access 
> DELETE USER james; -- delete user
> DROP ROLE manager; -- delete manager
> Advantage
> •	Ability to restrict the data based on the logged in user role.
> •	Data protection
> •	The organization can control data access to prevent unauthorized usage or viewing of the data
> •	The users who are using the BI tools can be restricted to the data they are authorized to see.



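One way the row-level rules requested above could be turned into a query filter, as an added example that is not part of the original message or of Spark. The rule payload is the UPDATE ROLE AUTHORIZATION one from the description; the function names, the user-to-role map, the `?` bind placeholders and the matching semantics (a value containing `%` is a LIKE pattern, rules are OR-ed, no rule means no rows) are assumptions, and the table-level GRANT ACCESS step is not modelled.

```python
import json
import re

# Rule payload as written in the UPDATE ROLE AUTHORIZATION command above.
RULES = [json.loads('{"role":"manager", "tableName":"EMPLOYEE", '
                    '"columnName":"Employee_id", "columnValues": ["2%","3%"]}')]
# Constructed sample: what ADD USER james WITH ROLES ... would record.
USER_ROLES = {"james": ["manager", "seniorManager"]}

# Identifiers cannot be bound as parameters, so they are checked against a strict pattern.
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def row_filter(user, table, rules=RULES, user_roles=USER_ROLES):
    """Return (predicate, params) limiting `table` to rows `user` may read.

    Assumed semantics (the proposal does not define them): a value containing
    '%' is a LIKE pattern, any other value is an exact match, rules from all
    of the user's roles are OR-ed, and no applicable rule means no rows.
    """
    roles = set(user_roles.get(user, []))
    clauses, params = [], []
    for rule in rules:
        if rule["role"] not in roles or rule["tableName"].upper() != table.upper():
            continue
        column = rule["columnName"]
        if not IDENT.match(column):
            raise ValueError(f"unsafe column name in rule: {column!r}")
        for value in rule["columnValues"]:
            op = "LIKE" if "%" in value else "="
            clauses.append(f"{column} {op} ?")
            params.append(value)  # values travel as bind parameters, never as SQL text
    if not clauses:
        return "1 = 0", []  # deny by default
    return "(" + " OR ".join(clauses) + ")", params


def authorized_query(user, table):
    """Wrap a full-table read in the caller's row filter."""
    if not IDENT.match(table):
        raise ValueError(f"unsafe table name: {table!r}")
    predicate, params = row_filter(user, table)
    return f"SELECT * FROM {table} WHERE {predicate}", params


if __name__ == "__main__":
    print(authorized_query("james", "EMPLOYEE"))
    print(authorized_query("alice", "EMPLOYEE"))
```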