Feat/sensitivity filter #72
Conversation
- Will revert this commit once problem resolved
- Set log level to `info` instead of `debug`
qingyashu
left a comment
There was a problem hiding this comment.
Just left some small comments, but all look good to me, and I also tested in my local, so I just approved it.
| }; | ||
| return resolve( | ||
| root, | ||
| { |
There was a problem hiding this comment.
could you keep the ...args in the second argument? in case it contains some contents other than accessibility, filter, or needEncryptAgg (in future)
There was a problem hiding this comment.
Will do! I hadn't realized that 👍
|
|
||
| return resolve( | ||
| root, | ||
| { |
There was a problem hiding this comment.
same, keep the ...args in the second argument
doc/queries.md
Outdated
| be counted in the aggregation query whether or not it is sensitive. | ||
|
|
||
| To enable Sensitive Record Exclusion, the `tierAccessSensitiveRecordExclusionField` value should be set in Guppy's config. The value of the `tierAccessSensitiveRecordExclusionField` should match a boolean field in the Elasticsearch index that indicates whether or not a record is sensitive. | ||
| (E.g., `tierAccessSensitiveRecordExclusionField: "sensitive"` in the Guppy config tells Guppy to look for a field in the ES index called `sensitive`, and to exclude records in the ES index which have `sensitive: "true"`) |
There was a problem hiding this comment.
this line and the above line could be also put in README.md here and it should be tier_access_sensitive_record_exclusion_field instead of camelCase style.
There was a problem hiding this comment.
Thank you, good catch!!
Resolves PXP-5079: https://ctds-planx.atlassian.net/browse/PXP-5079
Adds feature allowing Guppy to hide sensitive records from _aggregation queries when Tiered Access is enabled. Records are marked 'sensitive' by a boolean field, which is configured by setting
tierAccessSensitiveRecordExclusionField: "fieldName"in the Guppy config.This change is currently deployed end-to-end in my dev commons: https://mpingram.planx-pla.net/ (As in, the dictionary and ETLMapping have also been changed, so that the sensitive boolean field is present in the commons' dictionary and the ETL process transfers this field to the ES index used by Guppy.)
To test this change, see the test plan at
https://github.com/uc-cdis/gen3-qa/blob/6cbddf608ff860f49bfeb1dd5861bdf693a57838/suites/guppy/tier-access-exclude-sensitive-records-testPlan.md
You can use the account
[email protected], which has access to some but not all projects, to test the feature.New Features