Hi,
I am using Apache Ranger to specify masking policies to hide sensitive information from Hadoop users. I manage to use custom masking function like mask, mask_last_n, mask_first_n,....
Now I want to create a custom masking rule for the email address column so that all email name will be replaced by "email". For example: john_doe@gmail.com will become email@gmail.com. The custom masking expression using UDF look like this:
replace({col}, substr({col}, 0, instr({col},"@")), "email")But when I use this custom masking expression, Hive query to that field always cause error:
java.lang.Exception: org.apache.hive.service.cli.HiveSQLException: Error while compiling statement: FAILED: SemanticException Line 0:-1 Invalid function 'replace'
java.lang.Exception: org.apache.hive.service.cli.HiveSQLException: Error while compiling statement: FAILED: SemanticException Line 0:-1 Invalid function 'replace'
at org.apache.ambari.view.hive2.resources.jobs.JobService.getOne(JobService.java:141)
at sun.reflect.GeneratedMethodAccessor1289.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
...
This Ranger document says when select Custom masking type:
Custom – Specify a custom masked value or expression. Custom masking can use any valid Hive UDF (Hive that returns the same data type as the data type in the column being masked).
Masking conditions are evaluated in the order listed in the policy. The condition at the top of the Masking Conditions list is applied first, then the second, then the third, and so on.
As said here , replace is a Hive UDF function which return string similar to the data type of the column. But still it is not possible to use replace.
Can someone help me on how to use Hive UDF function with Custom masking type?
Or if you can help me with masking email address, that would be welcome too.
