@Override public void rewriteContext(CubeQueryContext cubeql) throws LensException { log.info("==> Query Authorization enabled : "+ isAuthorizationCheckEnabled); if (isAuthorizationCheckEnabled) { for (Map.Entry<String, Set<String>> entry : cubeql.getTblAliasToColumns().entrySet()) { String alias = entry.getKey(); // skip default alias if (Objects.equals(alias, CubeQueryContext.DEFAULT_TABLE)) { continue; } AbstractCubeTable tbl = cubeql.getCubeTableForAlias(alias); Set<String> queriedColumns = entry.getValue(); Set<String> restrictedFieldsQueried = getRestrictedColumnsFromQuery(((AbstractBaseTable) tbl).getRestrictedColumns(), queriedColumns); log.info("Restricted queriedColumns queried : "+ restrictedFieldsQueried); if (restrictedFieldsQueried != null && !restrictedFieldsQueried.isEmpty()) { for (String col : restrictedFieldsQueried) { AuthorizationUtil.isAuthorized(LensAuthorizer.get().getAuthorizer(), tbl.getName(), col, LensPrivilegeObject.LensPrivilegeObjectType.COLUMN, ActionType.SELECT, cubeql.getConf(), SessionState.getSessionConf()); } } } } log.info("<== Query Authorization enabled : "+ isAuthorizationCheckEnabled); }