Hive - Data Security

About

Data Security in Hive

Articles Related

Prerequisites

HDP >= 2.5
Apache Ranger

Type

Row-level

What is Row Level Security? or authorization in Hive with Ranger

type of policy: Row Level Filter.
The filter must be a valid WHERE clause for the table or view.
grain: Each table or view should have its own row-filter policy. (ie Wilcard matching of the database or table is not supported)
evaluation order: order listed in the policy
exclusion: by users, groups, and conditions

An audit log entry is generated each time a row-level filter is applied to a table or view.

More… see Row Level filtering

Column masking

Ranger Policy

type of policy (filter): Masking.
Types of masking including the following: show last 4 digits, show first 4 digits, hash, show only year, and NULL.
Grain: Each column should have its own masking policy. (ie Wildcard matching of the database, table, or column is not supported.)
Evaluation order: order list in the policy.
Application: specific users, groups, or conditions.
Exclusion users, groups, or conditions

Conf and UDF

mask can be added through configuration and UDFs.

Documentation / Reference

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_data-access/content/security_hive.html