Created 02-15-2018 12:25 AM
I want to mask some data. I'm testing in the 2.6.3 sandbox
I have created a tag:
{"category": "CLASSIFICATION", "guid": "bb29dc29-11ba-4d92-8d8f-fdca8ae92ea4", "createdBy": "holger_gov", "updatedBy": "holger_gov", "createTime": 1518326442355, "updateTime": 1518326442355, "version": 1, "name": "test_pii_tag", "description": "test_pii_tag", "typeVersion": "1.0", "attributeDefs": [ {"name": "masking_type", "typeName": "string", "isOptional": true, "cardinality": "SINGLE", "valuesMinCount": 0, "valuesMaxCount": 1, "isUnique": false, "isIndexable": false }, {"name": "last_4", "typeName": "boolean", "isOptional": true, "cardinality": "SINGLE", "valuesMinCount": 0, "valuesMaxCount": 1, "isUnique": false, "isIndexable": false } ], "superTypes": [], }
I have tagged 4 columns on foodmart.customer with test_pii_tag and set the following attributes:
lname (attribute string masking_type = "hash")
fname (attribute string masking_type = "nullify")
address1 (attribute boolean last_4 = true )
birthdate (attribute string masking_type = "year")
I created one Ranger tag policy and set the following deny setting for raj_ops:
Mask: Hive hash
if ( tagAttr.get('masking_type').equals("hash") ) { ctx.result = true; }
Mask: Hive nullify
if ( tagAttr.get('masking_type').equals("nullify") ) { ctx.result = true; }
Mask: Hive Date: show only year
if ( tagAttr.get('masking_type').equals("year") ) { ctx.result = true; }
Mask: Hive Partial mask show last 4
if ( tagAttr.get('last_4').equals("true") ) { ctx.result = true; } -- I also tried the below with the same results if ( tagAttr.get('last_4') ) { ctx.result = true; }
When I run SELECT * FROM customer LIMIT 100; I see the following:
lname is hashed - as expected
fname null - as expected
address1 is hashed - not as expected
birthdate yyyy-01-01 as expected
What is wrong with my javascript expressions to cause address1 to be hashed instead of 'Partial mask show last 4'?
Created 02-19-2018 01:03 AM
I actually figured it out myself.
I needed to use the following JavaScript for the policy conditions:
tagAttr.masking_type=='hash'
tagAttr.masking_type=='nullify'
tagAttr.masking_type=='year'
tagAttr.last_4
Created 02-19-2018 01:03 AM
I actually figured it out myself.
I needed to use the following JavaScript for the policy conditions:
tagAttr.masking_type=='hash'
tagAttr.masking_type=='nullify'
tagAttr.masking_type=='year'
tagAttr.last_4
Created 08-30-2019 03:27 PM
can we use the same on impala or hbase tables