You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Quanlong Huang (Jira)" <ji...@apache.org> on 2022/08/16 12:36:00 UTC

[jira] [Created] (IMPALA-11501) Add flag to allow metadata-cache operations on masked tables

Quanlong Huang created IMPALA-11501:
---------------------------------------

             Summary: Add flag to allow metadata-cache operations on masked tables
                 Key: IMPALA-11501
                 URL: https://issues.apache.org/jira/browse/IMPALA-11501
             Project: IMPALA
          Issue Type: New Feature
          Components: Security
            Reporter: Quanlong Huang


"REFRESH <table>" and "INVALIDATE METADATA <table>" are the table level metadata-cache operations that only used in Impala (not Hive, SparkSQL or else).

In Hive-Ranger plugin, when a table is masked (either by column-masking or row-filtering policy) for a user, the user can't perform any modification (insert/delete/update) on the table (RANGER-1087, RANGER-1100). However, Hive doesn't have those metadata-cache operations. It's a grey area whether we should block them or not.

Currently, Impala blocks metadata-cache operations as well (IMPALA-10554, IMPALA-11281). However, it's possible that, before upgrade, some data-consumer jobs already have REFRESH in them. It'd be better to have a flag to allow such operations for smooth upgrade process.

The flag can be something like "allow_refresh_by_masked_users".
CC [~fangyurao], [~csringhofer]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)