Hive - Data Security

About

Data Security in Hive

Articles Related

Prerequisites

• HDP >= 2.5
• Apache Ranger

Type

Row-level

What is Row Level Security? or authorization in Hive with Ranger

• type of policy: Row Level Filter.
• The filter must be a valid WHERE clause for the table or view.
• grain: Each table or view should have its own row-filter policy. (ie Wilcard matching of the database or table is not supported)
• evaluation order: order listed in the policy
• exclusion: by users, groups, and conditions

An audit log entry is generated each time a row-level filter is applied to a table or view.

More… see Row Level filtering

Column masking

Ranger Policy

• type of policy (filter): Masking.
• Types of masking including the following: show last 4 digits, show first 4 digits, hash, show only year, and NULL.
• Grain: Each column should have its own masking policy. (ie Wildcard matching of the database, table, or column is not supported.)
• Evaluation order: order list in the policy.
• Application: specific users, groups, or conditions.
• Exclusion users, groups, or conditions

Conf and UDF

• mask can be added through configuration and UDFs.

Documentation / Reference

• https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_data-access/content/security_hive.html