Nested Field Tags ^{(Preview Feature)}

Okera can tag nested data types (specifically, ARRAY and STRUCT types) and have those tags be inherited when used in views that unnest the nested portion. This capability is disabled by default.

For example, if you have a table with the following schema:

id  bigint
s1  struct<
  a1:array<struct<
    f1:string,
    f2:string,
    a2:array<string>
  >>
>

If you tag s1.a1.f1, s1.a1.f2 and s1.a1.a2, the fields retain their tags (attributes) when they are unnested.

In addition, Okera can fully unnest a table and inherit the tags on that object into a view - this is done using the SELECT ** operator.

For example, using a table with the schema shown earlier, you can create the following view (with tags on the three leaf fields):

CREATE VIEW mydb.unnested_view AS SELECT ** FROM mydb.nested_table

This creates a view which has the following schema, with s1_a1_item_f1, s1_a1_item_f2 and s1_a1_item_f2 retaining their tags:

id  bigint
s1_a1_item_f1   string
s1_a1_item_f2   string
s1_a1_item_f2   string

You can then grant access to the view and use normal attribute-based policies and transformations.

To enable this feature, set the FEATURE_UI_TAGS_COMPLEX_TYPES and ENABLE_COMPLEX_TYPE_TAGS configuration parameters to true.

Note: ABAC policies that apply to tags assigned to nested data types are not enforced on the base table, so take care to only give access to unnested views in these cases.

To drop attributes from nested fields, you might issue the following command:

ALTER TABLE <table name> DROP COLUMN ATTRIBUTE <column name> <attribute name>