Description:
We are currently working on implementing authentication and authorization in Apache Druid using the druid-opa-authorizer plugin.
-
Authentication: We successfully configured authentication using Druid’s built-in authenticator (druid-basic-security).
-
Authorization: We are trying to achieve fine-grained access control specifically:
However, it seems that the druid-opa-authorizer plugin only supports allow/deny access at the resource level (e.g., datasource or system-level actions).
We are unable to enforce row-level filters or column masking policies through OPA responses.
Could you please confirm:
-
Whether row-level security and column masking are currently supported by the druid-opa-authorizer plugin?
-
If not, is there any planned support or recommended workaround for these features?
Description:
We are currently working on implementing authentication and authorization in Apache Druid using the druid-opa-authorizer plugin.
Authentication: We successfully configured authentication using Druid’s built-in authenticator (druid-basic-security).
Authorization: We are trying to achieve fine-grained access control specifically:
Row-level filtering (restricting access to specific rows based on user identity or role)
Column-level masking (masking or hiding sensitive columns from specific users)
However, it seems that the druid-opa-authorizer plugin only supports allow/deny access at the resource level (e.g., datasource or system-level actions).
We are unable to enforce row-level filters or column masking policies through OPA responses.
Could you please confirm:
Whether row-level security and column masking are currently supported by the druid-opa-authorizer plugin?
If not, is there any planned support or recommended workaround for these features?