Hive - Data Security
Table of Contents
About
Data Security in Hive
Articles Related
Prerequisites
- HDP >= 2.5
- Apache Ranger
Type
Row-level
Relational Data - Row Level Security in Hive with Ranger
- type of policy: Row Level Filter.
- The filter must be a valid WHERE clause for the table or view.
- grain: Each table or view should have its own row-filter policy. (ie Wilcard matching of the database or table is not supported)
- evaluation order: order listed in the policy
- exclusion: by users, groups, and conditions
An audit log entry is generated each time a row-level filter is applied to a table or view.
More… see Row Level filtering
Column masking
Ranger Policy
- type of policy (filter): Masking.
- Types of masking including the following: show last 4 digits, show first 4 digits, hash, show only year, and NULL.
- Grain: Each column should have its own masking policy. (ie Wildcard matching of the database, table, or column is not supported.)
- Evaluation order: order list in the policy.
- Application: specific users, groups, or conditions.
- Exclusion users, groups, or conditions
Conf and UDF
- mask can be added through configuration and UDFs.