Make column privileges matchable/callable #1
Comments
|
just to confirm, what you are asking is something like this: so asking trino to hide all columns whose name starts with "dev" ? |
|
Yes, though technically I asked for "dev_*", which "dev.*" would indeed match (because . matches _).
Michael
…________________________________
From: Erik Erlandson ***@***.***>
Sent: Saturday, January 15, 2022 1:24 PM
To: os-climate/osc-trino-acl-dsl
Cc: Michael Tiemann; Author
Subject: Re: [os-climate/osc-trino-acl-dsl] Make column privileges matchable/callable (Issue #1)
just to confirm, what you are asking is something like this:
"columns": [
{ "name": "dev.*", "allow": false }
]
so asking trino to hide all columns whose name starts with "dev" ?
—
Reply to this email directly, view it on GitHub<https://url.emailprotection.link/?bJP4OghUr5qE1EUF7EUK3Psp31yXkKxC5FHNAeW0z00BGxYxZl0Up_GOcx_fpb0_TrHjHKm6cqRLmP1ErPD0GPydGsLVIXmwIFb6jZ-9nuOrr0H5mpVleCOnVpPs_v08t>, or unsubscribe<https://url.emailprotection.link/?bG7-fLIOHLF9ekBWh7VJOGAFMjcvvBGhzcwlgUbaswQlAQ3tpb8Ax6dt8yTlD0KTmr8YCRwrB3HNdsjpgSVJ5ozh4rEFxT63sDI-PhB3XSjutBMcEGUyGqPJqelvfxS5ECilW820PTZHqk5-S-ZccKmZdaUDa2zMIITBf7wKmRf8~>.
Triage notifications on the go with GitHub Mobile for iOS<https://url.emailprotection.link/?b93vvrxxFMiIL3aaEZeT1FEDo4ff1nIm3S93M74HChe6oMsjvQxYfvy0INjYS7u2FMe9ddTMaKP63-6NfzGjH_fVMKWZ4WGY8V0YwPxZVTfVo1FS4ve04s9qZpZ4awAgjKFcwCo9eE9NJvenJ6TkrGN_4GTeA60Dx2SZ1BScd4_k~> or Android<https://url.emailprotection.link/?bwU-B7o1UGBPzHAoKA5hX-YU6nt6R47hh3_8HMPKW08nZ4tm-rkZdekFih8adSaIlolX1K6F60Z32RgmcvBYWzPaWnxjzogEdPUobJCj1y-4sZyT_B-NChG2
%20_1GZYBDzw8PDJcos3uXLAK_Haiwidbp-UKkyLlCXKM68K2qknmejC6ePwEZUXvno9Z8XOf5JcrvFAo5kMKScW99QAMxuSjg~~>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
Have not yet received a response about whether hidden columns can be given as regex yet |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Rather than forcing users to enumerate every possible column name in the schema, column checks could be checked against a pattern (such as a prefix or regex) or even checked via a (lambda) function.
In this way, a USER1 could create and query all columns that their pattern matches (which might be the prefix '' or the pattern r'*').
USER2 could create and query all columns prefixed with 'quant_' and 'user_', but not '_dev'
USER3 could create and query only columns prefixed with 'user_'
This could extend beyond pattern matching to an arbitrary evaluation function, with all the performance and security problems contained therein.
Thoughts, @erikerlandson ?
The text was updated successfully, but these errors were encountered: