sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergio Peña (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SENTRY-2140) Attribute based access control
Date Wed, 09 May 2018 19:04:00 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469316#comment-16469316
] 

Sergio Peña commented on SENTRY-2140:
-------------------------------------

[~anthony.young-garner@cloudera.com] I have a few more comments:

Attribute injestion

I see two problems, a file implementation is just a reference that will not be recommended,
and if we use a DB implementation then we'll have the extra work of providing an interface
to add/edit/remove attributes from the DB. These both solutions might require maintenance
in the future even if they're not recommended, so I wonder, do we really need a file or DB
implementation to store attributes? If the proposal is to injest attributes to Sentry from
external sources that already have such attribute behavior, then what about proposing just
the interface and API that Sentry will use for attribute injestion only? Other contributors
can write their own implementations later, but having the API and the interface well documented
and well tested would be enough.

Column Masking

There is more investigation that needs to be done here, like, how is the Hive authz V2 going
to be used? How masking information is going to be communicated with the Sentry/Hive binding?
Sentry 2.0 added support for Hive authzV2 but only for grant/revoke, create/drop role operations
but not for checking privileges nor column masking due to some bugs on Hive. Have you investigated
if this V2 will work with column masking only without interfering with V1 privileges?

See DefaultSentryAccessController which is suppported.
See DefaultSentryValidator which is not supported.

Attribute and Privileges commands

I understood we cannot have a SQL command in Hive ready in time to release this feature, but
I did not understand why the 'sentryShell -t hive' command cannot be used for attribute-role
privileges. If these attributes are meant only for Hive, then why cannot we use the command?

> Attribute based access control
> ------------------------------
>
>                 Key: SENTRY-2140
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2140
>             Project: Sentry
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Steve Moist
>            Priority: Major
>              Labels: ABAC
>         Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf
>
>
> As a user, I want to have finer grain control over which users/roles can view data in
Hive.  Some information such as Social Security Number is considered very confidential information. 
I want to be able to tag columns in Hive with "attributes" that prevent users/roles from not
accessing or seeing the data.  For users/roles that have that attribute, they should be able
to see that information.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message