Return-Path: X-Original-To: apmail-sentry-commits-archive@minotaur.apache.org Delivered-To: apmail-sentry-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 66899180C0 for ; Mon, 22 Feb 2016 07:40:21 +0000 (UTC) Received: (qmail 19696 invoked by uid 500); 22 Feb 2016 07:40:21 -0000 Delivered-To: apmail-sentry-commits-archive@sentry.apache.org Received: (qmail 19647 invoked by uid 500); 22 Feb 2016 07:40:21 -0000 Mailing-List: contact commits-help@sentry.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.incubator.apache.org Delivered-To: mailing list commits@sentry.incubator.apache.org Received: (qmail 19638 invoked by uid 99); 22 Feb 2016 07:40:21 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Feb 2016 07:40:21 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id B813AC00ED for ; Mon, 22 Feb 2016 07:40:20 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.349 X-Spam-Level: X-Spam-Status: No, score=-4.349 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.329] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 9RF3yQ4tg_tq for ; Mon, 22 Feb 2016 07:40:19 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id E16545FB12 for ; Mon, 22 Feb 2016 07:40:18 +0000 (UTC) Received: (qmail 19625 invoked by uid 99); 22 Feb 2016 07:40:18 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Feb 2016 07:40:18 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 118F72C1F57 for ; Mon, 22 Feb 2016 07:40:18 +0000 (UTC) Date: Mon, 22 Feb 2016 07:40:18 +0000 (UTC) From: "Dapeng Sun (JIRA)" To: commits@sentry.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (SENTRY-1067) Exclude capability for privilege("DENY" privilege support) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SENTRY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dapeng Sun updated SENTRY-1067: ------------------------------- Summary: Exclude capability for privilege("DENY" privilege support) (was: Exclude capability for privilege(Deny privilege support)) > Exclude capability for privilege("DENY" privilege support) > ---------------------------------------------------------- > > Key: SENTRY-1067 > URL: https://issues.apache.org/jira/browse/SENTRY-1067 > Project: Sentry > Issue Type: New Feature > Reporter: Dapeng Sun > Assignee: Dapeng Sun > Labels: roadmap > > Currently Sentry can only grant privileges to object, in some cases, only some sensitive data need to be protected. Adding exclude capability can simplify the management of access control. > For example, the table "employee" have many columns, the column likes "username", "contact" and other information can be queried by others,but the column "salary" can only be queried by specific user. > With exclude capability, we can grant privilege of table "employee" to user and block the column "salary". -- This message was sent by Atlassian JIRA (v6.3.4#6332)