You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Anne Yu (JIRA)" <ji...@apache.org> on 2015/08/20 20:06:46 UTC
[jira] [Commented] (SENTRY-849) [column level privilege] without
table level privilege and column level privilege for column i, test user
can still explain select column from test_tb;
[ https://issues.apache.org/jira/browse/SENTRY-849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705447#comment-14705447 ]
Anne Yu commented on SENTRY-849:
--------------------------------
FYI, some similar failed tests, which incorrectly expose column i:
{code}
explain select * from test_tb;
EXPLAIN SELECT i FROM (SELECT * FROM test_tb) subq1 ORDER BY i;
explain select * from (select s as c from test_tb union all select i as c from test_tb) subq1 order by c;
{code}
> [column level privilege] without table level privilege and column level privilege for column i, test user can still explain select column from test_tb;
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-849
> URL: https://issues.apache.org/jira/browse/SENTRY-849
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.5.1
> Reporter: Anne Yu
> Assignee: guoquan
>
> {code}
> 0: jdbc:hive2://anneyu-cdh55-1.vpc.cloudera.c> show grant role test_role on table test_tb;
> +-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | test_db | test_tb | | s | test_role | ROLE | select | false | 1439502394526000 | -- |
> +-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> {code}
> However explain "select i from test_tb" shows the column "i" test_user doesn't have privileges.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)