Ranger supports Hive data masking. You can configure a data masking policy to mask the return values of SELECT statements to hide sensitive information from users.
Background information
Procedure
Note The web UI of Ranger varies based on the Ranger version. In this example, Ranger 2.1.0
is used.
You can configure a data masking policy on the emr-hive tab of the Ranger web UI. Pay attention to the following points:
- Multiple data masking methods are supported. For example, you can choose to show only the first or last four characters or use a hashing algorithm to process data.
- Wildcards are not supported. For example, you are not allowed to use asterisks (*) when you configure a table or column in a data masking policy.
- Each data masking policy applies to only one column. If you want to mask data in multiple columns, configure multiple data masking policies.