https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135242#M27523 <P>There is an enterprise level high performance <A target="_blank" href="https://www.datasunrise.com/masking/hive/">data masking</A> for hive at datasunrise <A href="https://community.cloudera.com/www.datasunrise.com/masking/hive/" target="_blank">www.datasunrise.com/masking/hive/</A></P>,<P>There is an enterprise level high performance data masking for hive at datasunrise</P><P><A href="https://community.cloudera.com/www.datasunrise.com/masking/hive/" target="_blank">www.datasunrise.com/masking/hive/</A></P> Sat, 26 Nov 2016 08:56:12 GMT trumin 2016-11-26T08:56:12Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135239#M27520 <P>This is a most common question that I get asked from the customers - who says that failing a hive query altogether makes no sense for them in the enterprise environment, but rather want to have it redacted.</P> Fri, 06 May 2016 21:45:25 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135239#M27520 hduraiswamy 2016-05-06T21:45:25Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135240#M27521 <P>Because this is the question that I get asked most often times from enterprise customers in the field, here is the answer:</P><P>Ranger currently supports resource based and tag based policies for Hive (HDFS files, HBase, etc...), where you can specify a column to be un-authorized for a specific user or user group. This will fail the query by that user/group altogether.</P><P>However, there is a work in progress to make queries involving the un-authorized columns to simply mask (redact) the data instead of failing altogether. Here is the jira number <A href="https://hortonworks.jira.com/browse/RMP-3705" target="_blank">https://hortonworks.jira.com/browse/RMP-3705</A></P> Fri, 06 May 2016 21:49:48 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135240#M27521 hduraiswamy 2016-05-06T21:49:48Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135241#M27522 <P><A rel="user" href="https://community.cloudera.com/users/1386/hduraiswamy.html" nodeid="1386">@hduraiswamy</A> Authorization and Masking are 2 separate events. You would need access to a column for the query to run. If customer would want to filter columns, best way would be to create views. This is no different than other databases. </P><P>If the user has access to column, but the column data should be redacted, then masking would be an appropriate solution. </P> Sat, 07 May 2016 01:52:14 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135241#M27522 bganesan 2016-05-07T01:52:14Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135242#M27523 <P>There is an enterprise level high performance <A target="_blank" href="https://www.datasunrise.com/masking/hive/">data masking</A> for hive at datasunrise <A href="https://community.cloudera.com/www.datasunrise.com/masking/hive/" target="_blank">www.datasunrise.com/masking/hive/</A></P>,<P>There is an enterprise level high performance data masking for hive at datasunrise</P><P><A href="https://community.cloudera.com/www.datasunrise.com/masking/hive/" target="_blank">www.datasunrise.com/masking/hive/</A></P> Sat, 26 Nov 2016 08:56:12 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Can-un-authorized-Hive-column-be-masked-or-redacted-instead/m-p/135242#M27523 trumin 2016-11-26T08:56:12Z