Privacera Documentation

Configure Hive resource policy

This section describes how to configure Hive resource policy, including the Accessed Together and Not Accessed Together policy conditions.

On the Policy Details page, do the following:

  • Database: Specify the database name.

    • Table/UDF: Specify the table or UDF name.

    • Column: Specify the column name.

      Note

      By default, the 'Include' option is selected to allow access for all the above fields. To deny access, toggle to the 'Exclude' option.

  • URL: Specify the cloud storage path, for example s3a://user/poc/sales.txt, where the end user needs permission to read Hive data from, or write Hive data to, cloud storage.

    • Recursive

    • Non-recursive

  • Global: Specify the global dataset.

  • Allow Conditions: In this section, you can specify the policy conditions and permissions for resources.

    • Policy Conditions: This option allows a user to add custom conditions that are applied while evaluating authorization requests. Click the Add Conditions button. In the pop-up, you can see the Accessed Together? and Not Accessed Together? conditions.

      • Accessed Together?: This option allows access to the specified columns (minimum two), given in the query format.

        For example:

        default.employeepersonalview.EMP_SSN, default.employeepersonalview.CC

        The above condition allows the user to access the EMP_SSN and CC columns only when both are mentioned together in the query; otherwise, a permission denied error is returned.

      • Not Accessed Together?: This option denies access to the specified columns (minimum two), given in the query format.

        For example:

        default.employeepersonalview.EMP_SSN, default.employeepersonalview.CC

        The above condition denies the user access to view EMP_SSN and CC column data when both are mentioned together in the query, and a permission denied error is returned.

    • Permission: Permissions are common to all the resources. Add them as per your requirement.

      The available permissions are:

      • Select

      • Update

      • Create

      • Drop

      • Alter

      • Index

      • Lock

      • All

      • Read

      • Write

      • Data_admin
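
The Accessed Together? and Not Accessed Together? conditions described above can be checked against sample queries with a small model of their behaviour. This is an added example, not Privacera's code: the function names, the case-insensitive column matching, the sample queries (including the `name` column), and the reading that Not Accessed Together? permits any query that does not reference all listed columns are assumptions made for illustration.

```python
# Added illustration: models the two policy conditions as this page describes
# them. Not Privacera's code; all function names here are hypothetical.

def parse_condition(value):
    """Parse 'db.table.column, db.table.column' into a set of column names."""
    columns = frozenset(part.strip().lower() for part in value.split(",") if part.strip())
    for column in columns:
        parts = column.split(".")
        if len(parts) != 3 or "" in parts:
            raise ValueError(f"expected db.table.column, got {column!r}")
    if len(columns) < 2:
        # The page requires a minimum of two columns per condition.
        raise ValueError("a condition needs at least two distinct columns")
    return columns


def condition_permits(kind, condition_value, accessed_columns):
    """Return True when the allow condition lets the query through.

    accessed_columns: fully qualified columns the query references.
    Assumption: names compare case-insensitively, as Hive identifiers do.
    """
    required = parse_condition(condition_value)
    accessed = {column.strip().lower() for column in accessed_columns}
    all_together = required <= accessed  # every listed column is in the query
    if kind == "accessed_together":
        return all_together        # anything else: permission denied
    if kind == "not_accessed_together":
        return not all_together    # denied only when all appear together
    raise ValueError(f"unknown condition kind: {kind!r}")


# Constructed sample input: the condition value from this page and the
# columns referenced by three hypothetical queries.
CONDITION = "default.employeepersonalview.EMP_SSN, default.employeepersonalview.CC"
VIEW = "default.employeepersonalview."
QUERIES = {
    "ssn_and_cc": [VIEW + "emp_ssn", VIEW + "cc"],
    "ssn_only": [VIEW + "emp_ssn"],
    "ssn_cc_name": [VIEW + "emp_ssn", VIEW + "cc", VIEW + "name"],
}

def decisions(kind):
    """Map each sample query to ALLOW or DENY under the given condition kind."""
    return {name: "ALLOW" if condition_permits(kind, CONDITION, cols) else "DENY"
            for name, cols in QUERIES.items()}

if __name__ == "__main__":
    for kind in ("accessed_together", "not_accessed_together"):
        print(kind, decisions(kind))
```

Running the same sample queries through both condition kinds before saving a policy shows which of the two matches the intent: Accessed Together? blocks a query that reads EMP_SSN alone, while Not Accessed Together? blocks only the combination.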