Updated on 2024-12-13 GMT+08:00

Row Filter

This section applies to MRS 3.3.1 or later.

Scenarios

When using Flink SQL, you can set row filter criteria so that a user can access only the rows that match them; all other rows are hidden from that user.

Prerequisites

  • Kerberos authentication is enabled for the cluster (the cluster is in security mode). Ranger, Hive, and Flink have been installed and are running properly.
  • The user, user group, or role with the required permissions has been created, and the user has been added to the hive group.
  • This feature can be used only on the FlinkServer platform.
  • The default dialect is required for Flink SQL.
  • The case of the filter criteria fields must be the same as that of the Flink SQL fields.
  • This feature is not available for Hive view tables.

Configuring Flink SQL Row Filtering

  1. Configure custom FlinkServer parameters.

    1. Log in to FusionInsight Manager.
    2. Choose Cluster > Services > Flink > Configurations > All Configurations > FlinkServer(Role) > Customization, and locate flink.customized.configs.
    3. Add the custom parameter table.ranger.security.authorization, set it to true, and click Save to save the settings.
    4. Click the Instances tab, select all FlinkServer instances, and choose More > Restart Instance.

  2. Configure a Hive row filter for a specified user. For details, see Hive Row-Level Data Filtering.

    For example, add the search criterion a<>1 to the datagen table in the default database for the test user.

  3. Submit a Flink SQL job through FlinkServer as a user with the required permissions. For details, see Creating a FlinkServer Job.

    The following is a SQL example:
    CREATE CATALOG myhive WITH (
      'type' = 'hive',
      'hive-version' = '3.1.0',
      'default-database' = 'default',
      'cluster.name' = 'flink_hive'
    );
    CREATE TABLE print (a INT) WITH ('connector' = 'print');
    CREATE TABLE IF NOT EXISTS myhive.`default`.datagen (a INT) WITH (
      'connector' = 'datagen',
      'rows-per-second' = '1'
    );
    set table.sql-dialect = default;
    insert into
      print
    select
      *
    from
      myhive.`default`.datagen;

    You can view the configured search criteria on the native Flink job page. In this example, a<>1 has been added to the criteria.
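
With an unbounded random INT column, a = 1 almost never occurs, so the job output alone does not show whether the filter is enforced. The following added verification job (not part of the original page) bounds the generated values so the effect is visible. It assumes a hypothetical table datagen_check for which the same a<>1 row filter has been configured in Ranger for the submitting user, and a hypothetical sink print_check; fields.a.kind, fields.a.min and fields.a.max are standard Flink datagen connector options.

```sql
-- Added verification example; datagen_check and print_check are hypothetical names.
CREATE CATALOG myhive WITH (
  'type' = 'hive',
  'hive-version' = '3.1.0',
  'default-database' = 'default',
  'cluster.name' = 'flink_hive'
);
-- Changelog sink: prints a running count for each distinct value of a.
CREATE TABLE print_check (a INT, cnt BIGINT) WITH ('connector' = 'print');
-- Values are limited to 0..3, so a = 1 is generated about a quarter of the time.
CREATE TABLE IF NOT EXISTS myhive.`default`.datagen_check (a INT) WITH (
  'connector' = 'datagen',
  'rows-per-second' = '1',
  'fields.a.kind' = 'random',
  'fields.a.min' = '0',
  'fields.a.max' = '3'
);
set table.sql-dialect = default;
-- Submit as the filtered user. Counts for 0, 2 and 3 should grow;
-- any output row with a = 1 means the row filter is not being applied.
insert into
  print_check
select
  a,
  COUNT(*) as cnt
from
  myhive.`default`.datagen_check
group by
  a;
```

Submitting the same job as a user without the row filter should show a count for a = 1 as well, which confirms that the filter is applied per user rather than to the table as a whole.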