
Privacera Documentation


Configure Hive resource policies

Hive supports access, masking, and row level filter policies.

  • Database: Specify the database name.

    • Table/UDF: Specify the table or UDF name.

    • Column: Specify the column name.

      Note

      By default, the 'Include' option is selected to allow access for all the above fields. To deny access, toggle to the 'Exclude' option.

  • URL: Specify the cloud storage path, for example s3a://user/poc/sales.txt, where the end user needs permission to read/write the Hive data from/to a cloud storage path.

    • Recursive

    • Non-recursive

  • Global: Specify the global dataset.

  • Allow Conditions:

    • Policy Conditions: This option allows a user to add custom conditions while evaluating authorization requests.

      • Accessed Together?: This option allows a user to access the specified columns (minimum 2 columns), given in the query format.

        For example: default.employeepersonalview.EMP_SSN, default.employeepersonalview.CC

        The above example allows the user to access the EMP_SSN and CC columns only when both are mentioned together in the query; otherwise, a permission denied error is returned.

      • Not Accessed Together?: This option denies access to the specified columns (minimum 2 columns), given in the query format.

        For example: default.employeepersonalview.EMP_SSN, default.employeepersonalview.CC

        The above example denies the user from viewing the EMP_SSN and CC column data when both are mentioned together in the query, and a permission denied error is returned.

    • Permission: Add permissions as required. The available permissions are:

      • Select:

      • Update:

      • Create:

      • Drop:

      • Alter:

      • Index:

      • Lock:

      • All:

      • Read:

      • Write:

Configure Hive masking policies

  • Hive Database: Select the appropriate database. This field holds the list of Hive databases.

  • Hive Table: Select the appropriate table. This field holds the list of Hive tables.

  • Hive Column: Select the appropriate column. This field holds the list of Hive columns.

  • Masking Conditions:

    • Permissions: Tick the 'Select' permission. At present, only the 'Select' permission is available.

    • Select Masking Options: You can select only one masking option from the list below:

      • Redact: This option masks all the alphabetic characters with 'x' and all numeric characters with 'n'.

      • Partial mask: show last 4 – This option shows only the last four characters.

      • Partial mask: show first 4 – This option shows only the first four characters.

      • Hash: This option replaces every character of the entire cell value with '#'.

      • Nullify: This option replaces all the characters with a NULL value.

      • Unmasked (retain original value): This option is used when no masking is required.

      • Date: show only year: This option shows only the year portion of a date string and defaults the month and day to 01/01.

      • Custom: With this option, you specify a custom masked value or expression. Custom masking can use any valid Hive UDF (one that returns the same data type as the column being masked).

Configure Hive row level filter policies

  • Hive Database: Enter the appropriate database name.

  • Hive Table: Enter the appropriate table name.

  • Row Level Conditions:

    • Permissions: Click Add Permissions and tick 'Select'. At present, only the 'Select' permission is available.

    • Row Level Filter: Click Add Row Filter and enter a valid SQL predicate; the policy is applied based on the selected roles/groups/users. Note: Row level filtering works by adding the predicate to the query; if the predicate is not valid SQL, the query can fail. If you do not wish to apply a row level filter, keep this field blank. In this case, only 'Select' access will be applied.
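
The row level filter behaviour described above can be modelled offline as follows. This is an added example, not Privacera code: it shows the predicate being added to a user's query, the blank-filter case, and a pre-check that catches an invalid predicate before it is saved in a policy. It assumes Python's built-in sqlite3 as a stand-in for Hive (the SQL dialects differ), and the sales table, its columns, and all function names are hypothetical.

```python
import sqlite3

# Constructed sample rows; sqlite3 stands in for Hive so this runs offline.
ROWS = [("alice", "EMEA", 1200), ("bob", "APAC", 800), ("carol", "EMEA", 450)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sales (rep TEXT, region TEXT, amount INTEGER)")
    db.executemany("INSERT INTO sales VALUES (?, ?, ?)", ROWS)
    return db


def effective_query(user_query, table, row_filter):
    """Simplified model: add the policy predicate to the user's query by
    swapping the table for a filtered subquery. A blank filter leaves the
    query unchanged, so only plain 'Select' access applies."""
    if not row_filter.strip():
        return user_query
    filtered = f"(SELECT * FROM {table} WHERE {row_filter}) AS {table}"
    return user_query.replace(f"FROM {table}", f"FROM {filtered}", 1)


def validate_filter(db, table, row_filter):
    """Pre-check a predicate before saving it in a policy.
    Returns None when it compiles, otherwise the engine's error text."""
    if not row_filter.strip():
        return None
    try:
        db.execute(f"EXPLAIN SELECT 1 FROM {table} WHERE {row_filter}")
    except sqlite3.Error as exc:
        return str(exc)
    return None


def run_as_user(db, user_query, table, row_filter):
    """Run the query the way a user covered by the policy would see it."""
    return db.execute(effective_query(user_query, table, row_filter)).fetchall()


if __name__ == "__main__":
    db = make_db()
    query = "SELECT rep, amount FROM sales ORDER BY rep"
    print(run_as_user(db, query, "sales", "region = 'EMEA'"))
    print(run_as_user(db, query, "sales", ""))
    print(validate_filter(db, "sales", "region = "))
```

Running the same pre-check against the real Hive engine, with a test account covered by the policy, confirms the predicate in the dialect that will actually evaluate it.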