Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

subash_sharma
Explorer

Created ‎05-01-2017 11:01 AM

Can we apply masking policy on tagged column data, In my Apache Ranger 0.6. Tag based policy works well and good, when i apply a masking policy on a tagged column. The masking policy won't work. I get error of permission denied.

if we have access level policy on a particular column or table and on top of that policy if we are going to create dynamic masking policy. Masking works.

Let me explain a scenario here ,

let us consider we have "employee" table in "HR" database. I tagged few columns as NPPI data (in Atlas) such as SSN e.t.c. Now i created a tag based policy in Ranger on NPPI. All the columns available in NPPI tag shown properly if those are mentioned in "select" statement.

Now i want to nullify the SSN column, I created a dynamic masking policy on that particular column. When i run a query on "employee" table, it shows permission denied. Ideally it should display the content of SSN as null because in my tag based policy i have given the select privilege on NPPI tag.

Questions:

1. Can we create masking policy which is aligned with Tag Based policy ?

2. Why we need to create an access level policy before creating masking policy, Given Tag based policy is available ?

Thank you in Advance,

Subash

Reply
436 Views
0 Kudos
4 REPLIES 4
Highlighted

Re: How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

slachterman
Guru

Created ‎05-01-2017 07:44 PM

Dynamic Masking is not integrated with tag-based policies in Ranger 0.6 (this is a roadmap item). You can only use resource-based policies with masking and row-level security in that version and in the current releases of HDP.

Reply
159 Views
Highlighted

Re: How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

subash_sharma
Explorer

Created ‎05-02-2017 09:45 AM

Hey @slachterman, Thank you for the update !

Can we apply any patch to get this fixed in Apache Ranger 0.6 as well.

Reply
159 Views
0 Kudos
Highlighted

Re: How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

anjali_shevadka
Explorer

Created ‎08-16-2018 10:46 AM

@subash sharma

Same question. In which ranger version dynamic masking is integrated with tag based policies.

Reply
159 Views
0 Kudos
Highlighted

Re: How to apply Dynamic Masking Policy on Tagged columns in Apache Ranger 0.6

anjali_shevadka
Explorer

Created ‎08-16-2018 10:46 AM

@subash sharma

Same question. In which ranger version dynamic masking is integrated with tag based policies.

Reply
159 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here