Can we apply masking policy on tagged column data, In my Apache Ranger 0.6. Tag based policy works well and good, when i apply a masking policy on a tagged column. The masking policy won't work. I get error of permission denied.
if we have access level policy on a particular column or table and on top of that policy if we are going to create dynamic masking policy. Masking works.
Let me explain a scenario here ,
let us consider we have "employee" table in "HR" database. I tagged few columns as NPPI data (in Atlas) such as SSN e.t.c. Now i created a tag based policy in Ranger on NPPI. All the columns available in NPPI tag shown properly if those are mentioned in "select" statement.
Now i want to nullify the SSN column, I created a dynamic masking policy on that particular column. When i run a query on "employee" table, it shows permission denied. Ideally it should display the content of SSN as null because in my tag based policy i have given the select privilege on NPPI tag.
Questions:
1. Can we create masking policy which is aligned with Tag Based policy ?
2. Why we need to create an access level policy before creating masking policy, Given Tag based policy is available ?
Thank you in Advance,
Subash
