Row level security and column masking

[alonahmias]

Is it possible to implement row-level security and column masking using this plugin?

Currently, we are using the OPA plugin with Trino to achieve the following functionalities:

• Column-level security

• Row-level security

• Column masking

We are looking to adopt Druid as well and would like to know if this plugin offers similar capabilities to what we are using with the Trino plugin.

[fhennig]

Hey Alon, thanks for asking! Druid does not offer this level of granularity in their authorization model, so what you're asking for is not possible. You can only grant access to a data source as a whole, not to individual rows or columns. This is a limitation in the Druid upstream and not in this authorizer implementation in particular.

[fhennig]

Depending on your use case you might be able to connect Druid to Trino and then use the authorization in Trino, maybe that works for you!

[lfrancke]

Thanks @fhennig,

just to jump into business mode for a second: We have not looked at how feasible this would be to implement upstream in Druid but if you or your company is interested in sponsoring a contribution please feel free to reach out to me directly and we can look at this directly. I would assume others might be interested in this feature as well.

As mentioned, there is nothing we can do right now with the upstream version as it is today :(

[alonahmias]

Depending on your use case you might be able to connect Druid to Trino and then use the authorization in Trino, maybe that works for you!

Thank you very much for the quick response i really appreciate it, that doesn't help our use case but what your doing here is great. Have a great day

just to jump into business mode for a second: We have not looked at how feasible this would be to implement upstream in Druid but if you or your company is interested in sponsoring a contribution. We are a really small company, and it is not our top priority today, but maybe someday we will ☺️ thanks to you guys