
[Bug] [AUTHZ] masked column cannot be used as a filter condition #5041

@jersy

Search before asking

  • I have searched in the issues and found no similar issues.

Describe the bug

There is a table named test_student_02, which contains data of students who are around 18 years old. The "age" column has been hashed for data masking. When using the following SQL query, no data can be retrieved.

```
var ds4 = spark.sql("select * from user02db.test_student_02 where age > 18");
ds4.explain(true);
```

```
'Project [*]
+- 'Filter ('age > 18)
   +- 'UnresolvedRelation `user02db`.`test_student_02`

== Analyzed Logical Plan ==
id: int, name: string, sex: boolean, age: string, department: string
Project [id#18, name#19, sex#23, age#24, department#22]
+- Filter (cast(age#24 as int) > 18)
   +- SubqueryAlias `user02db`.`test_student_02`
      +- Filter (department#22 = IS)
         +- RowFilterMarker
            +- DataMaskingStage0Marker HiveTableRelation `user02db`.`test_student_02`, org.apache.hadoop.hive.ql.io.orc.OrcSerde, [id#18, name#19, sex#20, age#21, department#22]
               +- Project [id#18, name#19, (0 = 0) AS sex#23, md5(cast(cast(age#21 as string) as binary)) AS age#24, department#22]
                  +- Relation[id#18,name#19,sex#20,age#21,department#22] orc

== Optimized Logical Plan ==
Project [id#18, name#19, true AS sex#23, md5(cast(cast(age#21 as string) as binary)) AS age#24, department#22]
+- Filter ((isnotnull(department#22) && (department#22 = IS)) && (cast(md5(cast(cast(age#21 as string) as binary)) as int) > 18))
   +- Relation[id#18,name#19,sex#20,age#21,department#22] orc
```

Affects Version(s)

master

Kyuubi Server Log Output

No response

Kyuubi Engine Log Output

No response

Kyuubi Server Configurations

No response

Kyuubi Engine Configurations

No response

Additional context

No response

Are you willing to submit PR?

  • Yes. I would be willing to submit a PR with guidance from the Kyuubi community to fix.
  • No. I cannot submit a PR at this time.
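
Added example (not part of the original issue and not Kyuubi or Spark code): a small Python model of the optimized plan above, showing why the predicate `cast(md5(...) as int) > 18` keeps no rows. The sample rows, the helper names, and the simplified model of Spark's default (non-ANSI) string-to-int cast are assumptions.

```python
import hashlib

INT_MIN, INT_MAX = -2**31, 2**31 - 1

def spark_md5(value):
    """md5(cast(cast(value as string) as binary)) from the plan: hex digest of the string form."""
    return hashlib.md5(str(value).encode("utf-8")).hexdigest()

def cast_string_to_int(s):
    """Simplified model (assumption) of Spark's non-ANSI string-to-int cast:
    anything that is not a plain in-range integer becomes NULL (None)."""
    t = s.strip()
    digits = t[1:] if t[:1] in "+-" else t
    if not (digits.isascii() and digits.isdigit()):
        return None
    n = int(t)
    return n if INT_MIN <= n <= INT_MAX else None

def greater_than(left, right):
    """SQL three-valued comparison: NULL on either side yields NULL (None)."""
    return None if left is None or right is None else left > right

# Constructed sample rows (id, name, sex, age, department); not data from the issue.
ROWS = [
    (1, "alice", True, 17, "IS"),
    (2, "bob", False, 19, "IS"),
    (3, "carol", True, 20, "IS"),
    (4, "dave", False, 21, "CS"),
]

def query(rows, threshold=18):
    """Mirror the optimized plan: row filter, then the user's predicate on the masked age."""
    out = []
    for id_, name, sex, age, dept in rows:
        if dept != "IS":                 # row filter policy: department = 'IS'
            continue
        masked_age = spark_md5(age)      # masking policy replaces age with its md5 hex string
        if greater_than(cast_string_to_int(masked_age), threshold) is True:
            out.append((id_, name, True, masked_age, dept))  # sex is masked to constant true
    return out

def unmasked_matches(rows, threshold=18):
    """What the reporter expected: ids whose real age passes the predicate."""
    return [r[0] for r in rows if r[4] == "IS" and r[3] > threshold]

if __name__ == "__main__":
    print(query(ROWS))             # rows surviving the filter on the masked column
    print(unmasked_matches(ROWS))  # ids that would match on the real age
```
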
