Posts: 57
Registered: ‎04-26-2017

Sentry Column Level REVOKE permissions for impala tables


I've got a databases with 100 tables and a sentry role which has GRANT SELECT on * at the database level.

I now need to restrict access to column A within table X.  

"REVOKE SELECT(A) ON TABLE X FOR ROLE users" does not work (although it run's sucessfully).  This does not work becuase the grant select is done at a higher level (DB level).

The only option I see is removing the select at database level, granting select on 99 tables, then granting select on table X to only given columns. This would also mean any new tables added to the database would need permissions adding each time.

Can anyone think of another option?