I have a similar (very simple) use case: I want to create a table with KPI like data. One column would be country, and I want to restrict user to only see data from their own country.
Its a little trickier than that...
First, MapR-DB JSON or MapR-DB Binary tables?
So with a simple schema you would have a column definition 'country_code' where you would store the country code for the country of the data's origin. Then you would have another column or columns for the corresponding KPI metric data.
If this were a JSON record, the column definitions would be attributes (JSON attribute tags). So you wouldn't be able to restrict a user from Country A from seeing the data because the user has to still have access to the data.
But here's the rub.
In order to read the data from your country, you have to be able to view/traverse the column descriptor.
If you read the link to Hao Zhu's Q/A, he creates views on top of the underlying table where each view is segmented by user. (In your use case, it would be by Country_code). Here you would create groups for each country and assign each user to a member of that country.
While Drill supports the concept of views. (As does Hive), I don't believe that the underlying binary or json tables have such a concept. (I could be wrong...)
So if you want to use views... and ACES you could make it work.
If you don't want to use views or can't...
You could split the data in to different tables based on country code.
Then you restrict the user based on their country code. You would also have to control the query and modify the table name based on the country code of the user.
There's also a different option...
You didn't say anything about your users or how they are planning to access the data.
It could be that they are virtual users and your access to the data is via a service. Here you would have to authenticate the user and then handle the security on your own within the app / service.
Hi Henrik Brondum,
advice on the previous thread, you can consider to structure your MapR-DB table by column family level security. Recommend to check out Provisioning Secure Access Controls in MapR-DB | MapR.
Or per your user case, create the table and use Drill views to custom sql to limit who has access to what row (each country). Please see How can I use views to provide row level security using the current_user function?
Please let us know if the info are helpful or you need further assistance.
Retrieving data ...