Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

Labels:
subash_sharma
Explorer

Created ‎05-01-2017 11:01 AM

Can we apply masking policy on tagged column data, In my Apache Ranger 0.6. Tag based policy works well and good, when i apply a masking policy on a tagged column. The masking policy won't work. I get error of permission denied.

if we have access level policy on a particular column or table and on top of that policy if we are going to create dynamic masking policy. Masking works.

Let me explain a scenario here ,

let us consider we have "employee" table in "HR" database. I tagged few columns as NPPI data (in Atlas) such as SSN e.t.c. Now i created a tag based policy in Ranger on NPPI. All the columns available in NPPI tag shown properly if those are mentioned in "select" statement.

Now i want to nullify the SSN column, I created a dynamic masking policy on that particular column. When i run a query on "employee" table, it shows permission denied. Ideally it should display the content of SSN as null because in my tag based policy i have given the select privilege on NPPI tag.

Questions:

1. Can we create masking policy which is aligned with Tag Based policy ?

2. Why we need to create an access level policy before creating masking policy, Given Tag based policy is available ?

Thank you in Advance,

Subash

Reply
820 Views
0 Kudos
4 REPLIES 4

slachterman
Guru

Created ‎05-01-2017 07:44 PM

Dynamic Masking is not integrated with tag-based policies in Ranger 0.6 (this is a roadmap item). You can only use resource-based policies with masking and row-level security in that version and in the current releases of HDP.

Reply
543 Views

subash_sharma
Explorer

Created ‎05-02-2017 09:45 AM

Hey @slachterman, Thank you for the update !

Can we apply any patch to get this fixed in Apache Ranger 0.6 as well.

Reply
543 Views
0 Kudos

anjali_shevadka
Explorer

Created ‎08-16-2018 10:46 AM

@subash sharma

Same question. In which ranger version dynamic masking is integrated with tag based policies.

Reply
543 Views
0 Kudos

anjali_shevadka
Explorer

Created ‎08-16-2018 10:46 AM

@subash sharma

Same question. In which ranger version dynamic masking is integrated with tag based policies.

Reply
543 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera ODBC 2.6.14 Driver for Impala Released
What's New @ Cloudera
[Preview] Accelerate data pipeline development with self-service, no-code Airflow authoring UI in Cloudera Data Engineering
What's New @ Cloudera
Cloudera Data Engineering introduces bin-packing auto-scaling policy for better cost management
What's New @ Cloudera
Introducing Apache Airflow 2 in Cloudera Data Engineering for end-to-end data pipeline orchestration
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.5.0
View More Announcements