Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Sentry Column Level REVOKE permissions for impala tables

Sentry Column Level REVOKE permissions for impala tables

Rising Star

Hi,

I've got a databases with 100 tables and a sentry role which has GRANT SELECT on * at the database level.

I now need to restrict access to column A within table X.  

"REVOKE SELECT(A) ON TABLE X FOR ROLE users" does not work (although it run's sucessfully).  This does not work becuase the grant select is done at a higher level (DB level).

The only option I see is removing the select at database level, granting select on 99 tables, then granting select on table X to only given columns. This would also mean any new tables added to the database would need permissions adding each time.

Can anyone think of another option?