Improve addColumnMasks efficiency

BryanCutler · BryanCutler · commit 1abad211d8f8 · 2025-04-28T13:29:31.000-07:00
This improves plan rewrite for column masks to only build a new root
node once, instead of creating a plan builder for each mask.

Add documentation for row filters and column masks access control implementation.
diff --git a/presto-docs/src/main/sphinx/develop/system-access-control.rst b/presto-docs/src/main/sphinx/develop/system-access-control.rst
@@ -29,6 +29,16 @@ name which is used by the administrator in a Presto configuration.
 The implementation of ``SystemAccessControl`` and ``SystemAccessControlFactory``
 must be wrapped as a plugin and installed on the Presto cluster.
 
+Row Filters and Column Masks
+----------------------------
+
+The access control implementation can optionally provide row filters and column masks to
+control viewing of specific rows or mask sensitive values in columns. The filters
+and masks are retrieved per table from the given ``Identity``, schema, table, and
+column names. The returned filters and masks will be in the form of a ``ViewExpression``
+that is then applied to the query plan before execution. Filters and masks can also be
+supplied at the connector level from a ``ConnectorAccessControl`` implementation.
+
 Configuration
 -------------
 
diff --git a/presto-main-base/src/main/java/com/facebook/presto/sql/planner/RelationPlanner.java b/presto-main-base/src/main/java/com/facebook/presto/sql/planner/RelationPlanner.java
@@ -249,34 +249,41 @@ private RelationPlan addColumnMasks(Table table, RelationPlan plan, SqlPlannerCo
     {
         Map<String, Expression> columnMasks = analysis.getColumnMasks(table);
 
+        PlanBuilder planBuilder = initializePlanBuilder(plan);
         List<VariableReferenceExpression> mappings = plan.getFieldMappings();
-        TranslationMap translations = new TranslationMap(plan, analysis, lambdaDeclarationToVariableMap);
-        translations.setFieldMappings(mappings);
+        ImmutableList.Builder<VariableReferenceExpression> newMappings = ImmutableList.builder();
 
-        PlanBuilder planBuilder = new PlanBuilder(translations, plan.getRoot());
+        Assignments.Builder assignments = new Assignments.Builder();
+        for (VariableReferenceExpression variableReferenceExpression : planBuilder.getRoot().getOutputVariables()) {
+            assignments.put(variableReferenceExpression, rowExpression(new SymbolReference(variableReferenceExpression.getName()), context));
+        }
 
         for (int i = 0; i < plan.getDescriptor().getAllFieldCount(); i++) {
             Field field = plan.getDescriptor().getFieldByIndex(i);
 
+            VariableReferenceExpression fieldMapping;
+            RowExpression rowExpression;
             if (field.getName().isPresent() && columnMasks.containsKey(field.getName().get())) {
                 Expression mask = columnMasks.get(field.getName().get());
-
                 planBuilder = subqueryPlanner.handleSubqueries(planBuilder, mask, mask, context);
-
-                Map<VariableReferenceExpression, RowExpression> assignments = new LinkedHashMap<>();
-                for (VariableReferenceExpression variableReferenceExpression : planBuilder.getRoot().getOutputVariables()) {
-                    assignments.put(variableReferenceExpression, rowExpression(new SymbolReference(variableReferenceExpression.getName()), context));
-                }
-                assignments.put(mappings.get(i), rowExpression(translations.rewrite(mask), context));
-
-                planBuilder = planBuilder.withNewRoot(new ProjectNode(
-                        idAllocator.getNextId(),
-                        planBuilder.getRoot(),
-                        Assignments.copyOf(assignments)));
+                fieldMapping = newVariable(variableAllocator, field);
+                rowExpression = rowExpression(planBuilder.rewrite(mask), context);
             }
+            else {
+                fieldMapping = mappings.get(i);
+                rowExpression = rowExpression(createSymbolReference(fieldMapping), context);
+            }
+
+            assignments.put(fieldMapping, rowExpression);
+            newMappings.add(fieldMapping);
         }
 
-        return new RelationPlan(planBuilder.getRoot(), plan.getScope(), mappings);
+        planBuilder = planBuilder.withNewRoot(new ProjectNode(
+                idAllocator.getNextId(),
+                planBuilder.getRoot(),
+                assignments.build()));
+
+        return new RelationPlan(planBuilder.getRoot(), plan.getScope(), newMappings.build());
     }
 
     @Override
