Created 05-01-2017 11:01 AM
Can we apply a masking policy on tagged column data? In my Apache Ranger 0.6, the tag-based policy works well and good. When I apply a masking policy on a tagged column, the masking policy won't work. I get a permission denied error.
If we have an access-level policy on a particular column or table and, on top of that policy, we create a dynamic masking policy, masking works.
Let me explain a scenario here:
Let us consider we have an "employee" table in the "HR" database. I tagged a few columns as NPPI data (in Atlas), such as SSN, etc. Now I created a tag-based policy in Ranger on NPPI. All the columns available in the NPPI tag are shown properly if they are mentioned in the "select" statement.
Now I want to nullify the SSN column. I created a dynamic masking policy on that particular column. When I run a query on the "employee" table, it shows permission denied. Ideally it should display the content of SSN as null, because in my tag-based policy I have given the select privilege on the NPPI tag.
Questions:
1. Can we create a masking policy that is aligned with a tag-based policy?
2. Why do we need to create an access-level policy before creating a masking policy, given that a tag-based policy is available?
Thank you in advance,
Subash
Created 05-01-2017 07:44 PM
Dynamic Masking is not integrated with tag-based policies in Ranger 0.6 (this is a roadmap item). You can only use resource-based policies with masking and row-level security in that version and in the current releases of HDP.
Created 05-02-2017 09:45 AM
Hey @slachterman, thank you for the update!
Can we apply any patch to get this fixed in Apache Ranger 0.6 as well?
Created 08-16-2018 10:46 AM
@subash sharma
Same question. In which Ranger version is dynamic masking integrated with tag-based policies?