2

I need to set up a Ranger policy to restrict a user to access certain array structs from a column in HIVE table.

For example, I have a column called 'Spouse' in a Hive table which contains array structs such as spousefirstname, spouselastname, spousebirthdate, spousessn, spouseaddress, spousebirthplace.

I need to restrict a user to access array structs - spousessn and spouseaddress.

How can I set up a Ranger policy to restrict only those two array structs in column 'Spouse'?

HDP version - 2.6.3

Hive version - 1.2.1

Ranger version - 0.7.0

Dennis Jaheruddin
  • 21,208
  • 8
  • 66
  • 122
  • I'm afraid it is not supported. Although you can define custom Hive masks in RANGER, this is only applicable to strings. The only solutions is to forbid access to the whole column. – Harold Dec 12 '18 at 13:38
  • Thank you for your reply @Harold, I tried setting up masking policies but it did not work. Whereas restricting the whole column is not an option since we need other details too. –  Dec 13 '18 at 02:49

1 Answers1

0

You can change hive code where you need to identify typeInfo object and create individual column names for the nested column and add those to ColumnAccessInfo.add();

It will pass the entire struct columns and you can apply policy on that.

Ankesh Maheshwari
  • 36
  • 5