Hive - Data Security

Card Puncher Data Processing


Data Security in Hive


  • HDP >= 2.5
  • Apache Ranger



What is Row Level Security? or authorization in Hive with Ranger

  • type of policy: Row Level Filter.
  • The filter must be a valid WHERE clause for the table or view.
  • grain: Each table or view should have its own row-filter policy. (ie Wilcard matching of the database or table is not supported)
  • evaluation order: order listed in the policy
  • exclusion: by users, groups, and conditions

An audit log entry is generated each time a row-level filter is applied to a table or view.

More… see Row Level filtering

Column masking

Ranger Policy

  • type of policy (filter): Masking.
  • Types of masking including the following: show last 4 digits, show first 4 digits, hash, show only year, and NULL.
  • Grain: Each column should have its own masking policy. (ie Wildcard matching of the database, table, or column is not supported.)
  • Evaluation order: order list in the policy.
  • Application: specific users, groups, or conditions.
  • Exclusion users, groups, or conditions

Conf and UDF

  • mask can be added through configuration and UDFs.

Documentation / Reference

Discover More
Card Puncher Data Processing
Hive - Security

in Hive

Share this page:
Follow us:
Task Runner