Restricting access for certain users of Cloudera Data Catalog
To have a fine-grained access to the same user from accessing the assets in Cloudera Data Catalog, you can perform some additional changes. For example, if you want to restrict some users from accessing specific table information, you must set-up a Ranger policy such that these users will not have access to the asset details.
To create the Ranger policy to restrict users from accessing asset details, for example, with a specific classification, refer to the following images:
The following image displays the Deny Conditions set for the specific user.
The result is depicted in the following image, where the user has no permissions to access the specified dataset.
Reducing resource consumption with restricted users
Additionally, when you plan to restrict data access, please note the following:
- Audit summarization for the asset evolves from the Ranger Audit Profiler and Metrics service.
- Various Hive Column Statistical metrics for columns of the asset evolves from
Atlas as part of the
profile_data
of a column.
To ensure that the data related to audit summary and Hive Column Statistics are not visible to the subscribers, you must make sure to turn off the audit profiler and the Hive Column Profiler respectively.