Can we apply masking policy on tagged column data, In my Apache Ranger 0.6. Tag based policy works well and good, when i apply a masking policy on a tagged column. The masking policy won't work. I get error of permission denied.
if we have access level policy on a particular column or table and on top of that policy if we are going to create dynamic masking policy. Masking works.
Let me explain a scenario here ,
let us consider we have "employee" table in "HR" database. I tagged few columns as NPPI data (in Atlas) such as SSN e.t.c. Now i created a tag based policy in Ranger on NPPI. All the columns available in NPPI tag shown properly if those are mentioned in "select" statement.
Now i want to nullify the SSN column, I created a dynamic masking policy on that particular column. When i run a query on "employee" table, it shows permission denied. Ideally it should display the content of SSN as null because in my tag based policy i have given the select privilege on NPPI tag.
1. Can we create masking policy which is aligned with Tag Based policy ?
2. Why we need to create an access level policy before creating masking policy, Given Tag based policy is available ?
Thank you in Advance,
Dynamic Masking is not integrated with tag-based policies in Ranger 0.6 (this is a roadmap item). You can only use resource-based policies with masking and row-level security in that version and in the current releases of HDP.