-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[doc] add a minimal documentation for OPA RLS capabilities #22424
base: master
Are you sure you want to change the base?
Conversation
Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: roch.
|
Please submit a signed CLA and wrap all paragraphs at 80 columns width. Then we can review in detail |
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding this! This looks good, just some comments
Column masking allow you to denied access to a particular column instead of the entiere tables from your OPA policy. | ||
|
||
for these kind of policies to work, make sure to set `opa.policy.column-masking-uri` in the opa-plugin configuration | ||
|
||
here is an example bellow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Column masking allow you to denied access to a particular column instead of the entiere tables from your OPA policy. | |
for these kind of policies to work, make sure to set `opa.policy.column-masking-uri` in the opa-plugin configuration | |
here is an example bellow | |
Column masking allows Trino to mask out/obscure the data in some columns for specific users, without | |
outright denying access. This plugin supports fetching column masks from OPA. | |
For these policies to be enabled, make sure to set `opa.policy.column-masking-uri` in the opa-plugin configuration. | |
For instance, a policy configuring column masking may be implemented as below: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry pushed a update before seing your proposal :/
changed have been re-introduced with commit a714606
`https://opa.example.com/v1/data/rowFilters`. | ||
* - `opa.policy.column-masking-uri` | ||
- The **optional** URI for fetching column masks - if not set no masking will be applied, for example, | ||
`https://opa.example.com/v1/data/columnMask`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
thanks for the advice, it's done |
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
specific users, without outright denying access. This plugin supports fetching | ||
column masks from OPA. | ||
|
||
For these policies to be enabled, make sure to set |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Work this into the sentence above like in row filtering
} | ||
``` | ||
|
||
Unlike row filtering, only a **single column mask** may be returned for a given |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above .. explain what the script does some more and refactor the section here and following into normal sentences.
Can you address the feedback and suggestions @harksin ? |
@cla-bot check |
The cla-bot has been summoned, and re-checked this pull request! |
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Hello mosabua, will do it np, but realy busy these days, it will be beg of august probably. have a great day, |
Description
Add missing docs for OPA security plugin
Release notes
(x) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text: