Return-Path: X-Original-To: apmail-sentry-commits-archive@minotaur.apache.org Delivered-To: apmail-sentry-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9082018E19 for ; Wed, 17 Feb 2016 01:10:25 +0000 (UTC) Received: (qmail 46565 invoked by uid 500); 17 Feb 2016 01:10:25 -0000 Delivered-To: apmail-sentry-commits-archive@sentry.apache.org Received: (qmail 46519 invoked by uid 500); 17 Feb 2016 01:10:25 -0000 Mailing-List: contact commits-help@sentry.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.incubator.apache.org Delivered-To: mailing list commits@sentry.incubator.apache.org Received: (qmail 46510 invoked by uid 99); 17 Feb 2016 01:10:25 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Feb 2016 01:10:25 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 214221804EF for ; Wed, 17 Feb 2016 01:10:25 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.349 X-Spam-Level: X-Spam-Status: No, score=-4.349 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.329] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id mzqBJEh82stE for ; Wed, 17 Feb 2016 01:10:24 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with SMTP id DBA9260F22 for ; Wed, 17 Feb 2016 01:10:23 +0000 (UTC) Received: (qmail 46251 invoked by uid 99); 17 Feb 2016 01:10:18 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Feb 2016 01:10:18 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 29A7C2C1F57 for ; Wed, 17 Feb 2016 01:10:18 +0000 (UTC) Date: Wed, 17 Feb 2016 01:10:18 +0000 (UTC) From: "Dapeng Sun (JIRA)" To: commits@sentry.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (SENTRY-1067) Exclude capability for privilege MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SENTRY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15149630#comment-15149630 ] Dapeng Sun commented on SENTRY-1067: ------------------------------------ I'm not going to restrict it at column, I think table or database level privilege also should work, do you have any thought? > Exclude capability for privilege > -------------------------------- > > Key: SENTRY-1067 > URL: https://issues.apache.org/jira/browse/SENTRY-1067 > Project: Sentry > Issue Type: New Feature > Reporter: Dapeng Sun > Assignee: Dapeng Sun > > Currently Sentry can only grant privileges to object, in some cases, only some sensitive data need to be protected. Adding exclude capability can simplify the management of access control. > For example, the table "employee" have many columns, the column likes "username", "contact" and other information can be queried by others,but the column "salary" can only be queried by specific user. > With exclude capability, we can grant privilege of table "employee" to user and block the column "salary". -- This message was sent by Atlassian JIRA (v6.3.4#6332)