You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Anne Yu (JIRA)" <ji...@apache.org> on 2015/08/20 20:06:46 UTC

[jira] [Commented] (SENTRY-849) [column level privilege] without table level privilege and column level privilege for column i, test user can still explain select column from test_tb;

    [ https://issues.apache.org/jira/browse/SENTRY-849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705447#comment-14705447 ] 

Anne Yu commented on SENTRY-849:
--------------------------------

FYI, some similar failed tests, which incorrectly expose column i:

{code}
explain select * from test_tb;

EXPLAIN SELECT i FROM (SELECT * FROM test_tb) subq1 ORDER BY i;

explain select * from (select s as c from test_tb union all select i as c from test_tb) subq1 order by c;
{code}

> [column level privilege] without table level privilege and column level privilege for column i, test user can still explain select column from test_tb;
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-849
>                 URL: https://issues.apache.org/jira/browse/SENTRY-849
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.5.1
>            Reporter: Anne Yu
>            Assignee: guoquan
>
> {code}
> 0: jdbc:hive2://anneyu-cdh55-1.vpc.cloudera.c> show grant role test_role on table test_tb;
> +-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database  |  table   | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
> +-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | test_db   | test_tb  |            | s       | test_role       | ROLE            | select     | false         | 1439502394526000  | --       |
> +-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> {code}
> However explain "select i from test_tb" shows the column "i" test_user doesn't have privileges.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)