Cloudera Community
nkonzosithole
user rank
New Contributor

Re: masking UFD function for impala

by Explorer in Support Questions
‎10-24-2017 12:45 AM
‎10-24-2017 12:45 AM
this has been resolve, UDFs are the best. I wrote java and C++ codes, they check the current user. if user is not classified, data is masked for classified users it appear as is. --final steps is to create UFS eg hrmask --create a view with sensitive column preffixed with mask function. [localhost.localdomain:21000] > create view redact_m as select Title,GivenName,Surname,hrmask(CCNumber),hrmask(idNumber) from redact; Query: create view redact_m as select Title,GivenName,Surname,hrmask(CCNumber),hrmask(idNumber) from redact Fetched 0 row(s) in 0.41s [localhost.localdomain:21000] > select * from redact_m limit 2; Query: select * from redact_m limit 2 +-------+-----------+---------+------------------+---------------+ | title | givenname | surname | _c3 | _c4 | +-------+-----------+---------+------------------+---------------+ | Title | GivenName | Surname | NULL | NULL | | Ms. | Eva | Howard | 5163458320525980 | 6345832052598 | +-------+-----------+---------+------------------+---------------+ WARNINGS: Error converting column: 3 TO BIGINT (Data is: CCNumber) Error converting column: 4 TO BIGINT (Data is: idNumber) file: hdfs://localhost:8020/test/hive/fake.csv record: Title,GivenName,Surname,CCNumber,idNumber Fetched 2 row(s) in 4.74s [localhost.localdomain:21000] >   results are clear as i logged as admin, but once log as other user, sensitive columns are masked. [localhost.localdomain:21000] > select * from redact_m limit 2; Query: select * from redact_m limit 2 +-------+-----------+---------+----------+----------+ | title | givenname | surname | _c3 | _c4 | +-------+-----------+---------+----------+----------+ | Title | GivenName | Surname | NULL | NULL | | Ms. | Eva | Howard | 99999999 | 99999999 | +-------+-----------+---------+----------+----------+ WARNINGS: Error converting column: 3 TO BIGINT (Data is: CCNumber) Error converting column: 4 TO BIGINT (Data is: idNumber) file: hdfs://localhost:8020/test/hive/fake.csv record: Title,GivenName,Surname,CCNumber,idNumber Fetched 2 row(s) in 0.15s [localhost.localdomain:21000] >   I wish if this could be a built in function coming with sentry by default. ... View more
Contact Me
Online
Offline
Last Visited
‎11-05-2017 08:35 PM
Community Statistics
Member Since ‎09-19-2017 03:43 AM
Last Visited ‎11-05-2017 08:35 PM
Posts 2