[doc] add a minimal documentation for OPA RLS capabilities #22424
Conversation
|
Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: roch.
|
|
Please submit a signed CLA and wrap all paragraphs at 80 columns width. Then we can review in detail |
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
| Column masking allow you to denied access to a particular column instead of the entiere tables from your OPA policy. | ||
|
|
||
| for these kind of policies to work, make sure to set `opa.policy.column-masking-uri` in the opa-plugin configuration | ||
|
|
||
| here is an example bellow |
There was a problem hiding this comment.
| Column masking allow you to denied access to a particular column instead of the entiere tables from your OPA policy. | |
| for these kind of policies to work, make sure to set `opa.policy.column-masking-uri` in the opa-plugin configuration | |
| here is an example bellow | |
| Column masking allows Trino to mask out/obscure the data in some columns for specific users, without | |
| outright denying access. This plugin supports fetching column masks from OPA. | |
| For these policies to be enabled, make sure to set `opa.policy.column-masking-uri` in the opa-plugin configuration. | |
| For instance, a policy configuring column masking may be implemented as below: |
There was a problem hiding this comment.
sorry pushed a update before seing your proposal :/
changed have been re-introduced with commit a714606
| `https://opa.example.com/v1/data/rowFilters`. | ||
| * - `opa.policy.column-masking-uri` | ||
| - The **optional** URI for fetching column masks - if not set no masking will be applied, for example, | ||
| `https://opa.example.com/v1/data/columnMask`. |
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
thanks for the advice, it's done |
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
| specific users, without outright denying access. This plugin supports fetching | ||
| column masks from OPA. | ||
|
|
||
| For these policies to be enabled, make sure to set |
There was a problem hiding this comment.
Work this into the sentence above like in row filtering
| } | ||
| ``` | ||
|
|
||
| Unlike row filtering, only a **single column mask** may be returned for a given |
There was a problem hiding this comment.
Same as above .. explain what the script does some more and refactor the section here and following into normal sentences.
|
Can you address the feedback and suggestions @harksin ? |
|
@cla-bot check |
|
The cla-bot has been summoned, and re-checked this pull request! |
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Co-authored-by: Manfred Moser <[email protected]>
Hello mosabua, will do it np, but realy busy these days, it will be beg of august probably. have a great day, |
Description
Add missing docs for OPA security plugin
Release notes
(x) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text: