...
Update the policy created earlier to use the following filter, for group=public, as shown below:
addr_country in (select e.country from emp.employee e
where e.userid = current_user())
Please note that multiple policy-items in the previous use case, one for each user-group, are replaced with a single policy-item in the updated policy below.
Query Results
The query results should be same as the previous use case.
...
Update the policy created earlier to use the following filter, for group=public, as shown below:
...
addr_country in (select ec.country from emp.employee_country ec
where ec.userid = current_user())
Query Results
The query results now will include customers in all countries in the region where the user works – not just the customers in the country where the user works.
...
In this case, since no filter is specified for user falcon, the user will be allowed access all rows.
Query Results
...
Follow the steps given below to create a policy to enforce masking on the column:
...
1. Select ‘Masking’ tab
2. Add a policy with the following details:
Query Results
...
Add a policy with the following details:
Query Results
In addition to earlier masked result on phone_num, date_of_birth columns, the query result will only show null value for name_last column, as shown below.
...
Add a policy with the following details to specify the expression, initcap(reverse({col})), to transform name_first column values. Ensure that the datatype of the expression is same as the datatype of the column. Token ‘{col}’ in the expression will be replaced by Apache Ranger policy engine by the name of the column on which masking is being applied.
Query Results
...