Help Center/ MapReduce Service/ Component Operation Guide (LTS) (Ankara Region)/ Using Doris/ Permissions Management/ Column Permission Management
Updated on 2024-11-29 GMT+08:00
View PDF
Share

Column Permission Management

Scenarios

You can manage column-level permission in Doris. by adding the enable_col_auth parameter to the custom configuration item of the FE service.

  • Only the Select_priv permission is supported by this function.
  • You must use a user with the Grant_priv permission to manage column permission.
  • If a user with the column-level Select_priv permission runs select * to query table data, it can access only the columns allowed by the permission.
  • If a user with the column-level Select_priv permission runs desc tbl to query table details, it can access only the information of columns allowed by the permission.
  • Column-level permission is also available for views and materialized views.

Prerequisite

  • A cluster containing the Doris service has been created, and all services in the cluster are running properly.
  • The nodes to be connected to the Doris database can communicate with the MRS cluster.
  • The MySQL client has been installed. For details, see Installing a MySQL Client.

Procedure

  1. Log in to FusionInsight Manager, choose Cluster > Services > Doris, and click Configurations and then All Configurations.
  2. Choose FE(Role) > Customization. Enter the custom parameter enable_col_auth, set its value to true, and add it to the fe.conf file.
  3. Click Save and then OK.
  4. Click Instances, select all FE instances, and choose More > Restart Instance.
  5. Log in to the node where MySQL is installed and run the following command to connect to the Doris database:

    If Kerberos authentication is enabled for the cluster (the cluster is in security mode), run the following command to connect to the Doris database:

    export LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=1

    mysql -uDatabase login username -pDatabase login password -PConnection port for FE queries -hIP address of the Doris FE instance

    • To obtain the query connection port of the Doris FE instance, you can log in to FusionInsight Manager, choose Cluster > Services > Doris > Configurations, and query the value of query_port of the Doris service.
    • To obtain the IP address of the Doris FE instance, log in to FusionInsight Manager of the MRS cluster and choose Cluster > Services > Doris > Instances to view the service IP address of any FE instance.
    • You can also use the MySQL connection software or Doris web UI to connect to the database.

  6. Run the following commands to grant the Select_priv permission:

    • Grant permission to a user.

      GRANT select_priv [(col1, col2...)] ON ctl.db.tbl TO 'user';

    • Grant permission to a role.

      GRANT select_priv [(col1, col2...)] ON ctl.db.tbl TO ROLE 'role';

  7. Check the user permission.

    show grants for user;

  8. Revoke the Select_priv permission.

    • Revoke permission from a user.

      revoke select_priv [(col1, col2...)] ON ctl.db.tbl from 'user';

    • Revoke permission from a role.

      revoke select_priv [(col1, col2...)] ON ctl.db.tbl from ROLE 'role';

  9. Check user permission.

    show grants for user;

Parent topic: Permissions Management