Hive - Data Security

> Database > Apache - Hive (HS|Hive Server)

1 - About

Data Security in Hive

3 - Prerequisites

  • HDP >= 2.5
  • Apache Ranger
Advertising

4 - Type

4.1 - Row-level

Relational Data - Row Level Security in Hive with Ranger

  • type of policy: Row Level Filter.
  • The filter must be a valid WHERE clause for the table or view.
  • grain: Each table or view should have its own row-filter policy. (ie Wilcard matching of the database or table is not supported)
  • evaluation order: order listed in the policy
  • exclusion: by users, groups, and conditions

An audit log entry is generated each time a row-level filter is applied to a table or view.

More… see Row Level filtering

4.2 - Column masking

4.2.1 - Ranger Policy

  • type of policy (filter): Masking.
  • Types of masking including the following: show last 4 digits, show first 4 digits, hash, show only year, and NULL.
  • Grain: Each column should have its own masking policy. (ie Wildcard matching of the database, table, or column is not supported.)
  • Evaluation order: order list in the policy.
  • Application: specific users, groups, or conditions.
  • Exclusion users, groups, or conditions
Advertising

4.2.2 - Conf and UDF

  • mask can be added through configuration and UDFs.

5 - Documentation / Reference

db/hive/data_security.txt · Last modified: 2018/07/23 11:05 by gerardnico