Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Can un-authorized Hive column be masked or redacted? (instead of failing the query altogether)

Labels:
avatar
author-rank hduraiswamy
Super Collaborator

Created ‎05-06-2016 02:45 PM

This is a most common question that I get asked from the customers - who says that failing a hive query altogether makes no sense for them in the enterprise environment, but rather want to have it redacted.

2,643 Views
1 ACCEPTED SOLUTION

avatar
author-rank hduraiswamy
Super Collaborator

Created ‎05-06-2016 02:49 PM

Because this is the question that I get asked most often times from enterprise customers in the field, here is the answer:

Ranger currently supports resource based and tag based policies for Hive (HDFS files, HBase, etc...), where you can specify a column to be un-authorized for a specific user or user group. This will fail the query by that user/group altogether.

However, there is a work in progress to make queries involving the un-authorized columns to simply mask (redact) the data instead of failing altogether. Here is the jira number https://hortonworks.jira.com/browse/RMP-3705

View solution in original post

2,167 Views
3 REPLIES 3

avatar
author-rank hduraiswamy
Super Collaborator

Created ‎05-06-2016 02:49 PM

Because this is the question that I get asked most often times from enterprise customers in the field, here is the answer:

Ranger currently supports resource based and tag based policies for Hive (HDFS files, HBase, etc...), where you can specify a column to be un-authorized for a specific user or user group. This will fail the query by that user/group altogether.

However, there is a work in progress to make queries involving the un-authorized columns to simply mask (redact) the data instead of failing altogether. Here is the jira number https://hortonworks.jira.com/browse/RMP-3705

2,168 Views

avatar
author-rank bganesan
Rising Star

Created ‎05-06-2016 06:52 PM

@hduraiswamy Authorization and Masking are 2 separate events. You would need access to a column for the query to run. If customer would want to filter columns, best way would be to create views. This is no different than other databases.

If the user has access to column, but the column data should be redacted, then masking would be an appropriate solution.

2,168 Views

avatar
author-rank trumin
New Contributor

Created ‎11-26-2016 12:56 AM

There is an enterprise level high performance data masking for hive at datasunrise www.datasunrise.com/masking/hive/

,

There is an enterprise level high performance data masking for hive at datasunrise

www.datasunrise.com/masking/hive/

2,168 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements