You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Gabor Kaszab (Jira)" <ji...@apache.org> on 2023/06/07 12:17:00 UTC

[jira] [Assigned] (IMPALA-12190) Renaming table will cause losing privileges for non-admin users

     [ https://issues.apache.org/jira/browse/IMPALA-12190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gabor Kaszab reassigned IMPALA-12190:
-------------------------------------

    Assignee: Gabor Kaszab

> Renaming table will cause losing privileges for non-admin users
> ---------------------------------------------------------------
>
>                 Key: IMPALA-12190
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12190
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Catalog
>            Reporter: Gabor Kaszab
>            Assignee: Gabor Kaszab
>            Priority: Critical
>              Labels: alter-table, authorization, ranger
>
> Let's say user 'a' gets some privileges on table 't'. When this table gets renamed (even by user 'a') then user 'a' loses its privileges on that table.
>  
> Repro steps:
>  # Start impala with Ranger
>  # start impala-shell as admin (-u admin)
>  # create table tmp (i int, s string) stored as parquet;
>  # grant all on table tmp to user <username>;
>  # grant all on table tmp to user <username>;
> {code:java}
> Query: show grant user <username> on table tmp
> +----------------+----------------+----------+-------+--------+-----+--------------+-------------+-----+-----------+--------------+-------------+
> | principal_type | principal_name | database | table | column | uri | storage_type | storage_uri | udf | privilege | grant_option | create_time |
> +----------------+----------------+----------+-------+--------+-----+--------------+-------------+-----+-----------+--------------+-------------+
> | USER           | <username>    | default  | tmp   | *      |     |              |             |     | all       | false        | NULL        |
> +----------------+----------------+----------+-------+--------+-----+--------------+-------------+-----+-----------+--------------+-------------+
> Fetched 1 row(s) in 0.01s {code}
>  #  alter table tmp rename to tmp_1234;
>  # show grant user <username> on table tmp_1234;
> {code:java}
> Query: show grant user <username> on table tmp_1234
> Fetched 0 row(s) in 0.17s{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org