Redshift-beveiliging
Introductie tot Redshift
Jason Myers
Principal Engineer
Redshift-beveiliging
- Toegangsbeheer op kolomniveau
- Row-level security via policies
- Datamasking via policies
Rechten op kolomniveau
- Verbergt een kolom volledig
- Verifiëren via
SVV_COLUMN_PRIVILEGES
SELECT *
FROM SVV_COLUMN_PRIVILEGES
WHERE relation_name = 'products';
relation_name | column_name | privilege_type | identity_name | identity_type
==============|==============|================|===============|==============
products | product_name | SELECT | amelia | user
products | product_name | SELECT | analytics | role
Row-level security
- Policies die data vooraf filteren
CREATE RLS POLICY policy_books
WITH (category VARCHAR(255))
USING (category = 'Dark Academia');
SELECT product_line, category, product_name
FROM products;
product_line | category | product_name
=============|===============|===================
Books | Dark Academia | A Deadly Education
Row-level security
- SVV_RLS_POLICY om policies te bekijken
SELECT polname AS policy_name,
polatts AS column_details,
polqual AS condition
FROM SVV_RLS_POLICY;
policy_name | column_details | condition
============|================================================|===========================
policy_books | [{"colname":"category","type":"VARCHAR(255)"}] | category = 'Dark Academia'
Admin-weergave voor row-level security
- SVV_RLS_APPLIED_POLICY kan door superusers worden gebruikt om getroffen queries te zien
SELECT username,
command,
relschema,
relname,
polname,
FROM SVV_RLS_APPLIED_POLICY;
username | command | relschema | relname | polname
=========|=========|===========|==========|=============
aashvi | s | public | products | policy_books
Overzicht van Dynamic Masking
- Policy die waarden uit een query maskeert
- Alleen een superuser of iemand met rechten kan ze zien
- Toepassingen
- Nationale ID-nummers (bijv. burgerservicenummer)
- Creditcards
SELECT name, social_security_number
FROM customers;
name | social_security_number
======== | =======================
John Doe | XXX-XX-1234
Jane Doe | XXX-XX-5678
Laten we oefenen!
Introductie tot Redshift
