0

I need to implement row level security based on user id in Impala. The approach I am following right now is that I have a user to role mapping, and use that to form a master query as follows:

create view dervied_view as 
select *, 1 as roleid from src_table where a = 1 and b = 2
union
select *, 2 as roleid from src_table where a = 1 and b = 3
...
...

And then, have another query as follows:

create view well_known_named_view as 
select * from derived_view where roleid in 
(select roleid from role_mapping table where userid = effective_user());

This way, whenever a user logs in, he just needs to query the well known view, without the need to create a view on a per user/role basis. The problem is that this query times out in Hue (which is where it will be used most often), and takes at least 10 minutes to execute a basic query on in the shell. Is there a better way to make this work?

CodingInCircles
  • 2,565
  • 11
  • 59
  • 84
  • RecordService is the preferred way to implement row-level security as it can be used across processing engines: http://blog.cloudera.com/blog/2015/09/recordservice-for-fine-grained-security-enforcement-across-the-hadoop-ecosystem/ – Jeff Hammerbacher Dec 28 '15 at 14:11
  • RecordService is not a good fit, @JeffHammerbacher. Please take a look at the modified question and let me know if you can think of anything else. Thanks! :) – CodingInCircles Dec 28 '15 at 16:13

0 Answers0