You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Quanlong Huang (Jira)" <ji...@apache.org> on 2022/08/16 12:36:00 UTC
[jira] [Created] (IMPALA-11501) Add flag to allow metadata-cache operations on masked tables
Quanlong Huang created IMPALA-11501:
---------------------------------------
Summary: Add flag to allow metadata-cache operations on masked tables
Key: IMPALA-11501
URL: https://issues.apache.org/jira/browse/IMPALA-11501
Project: IMPALA
Issue Type: New Feature
Components: Security
Reporter: Quanlong Huang
"REFRESH <table>" and "INVALIDATE METADATA <table>" are the table level metadata-cache operations that only used in Impala (not Hive, SparkSQL or else).
In Hive-Ranger plugin, when a table is masked (either by column-masking or row-filtering policy) for a user, the user can't perform any modification (insert/delete/update) on the table (RANGER-1087, RANGER-1100). However, Hive doesn't have those metadata-cache operations. It's a grey area whether we should block them or not.
Currently, Impala blocks metadata-cache operations as well (IMPALA-10554, IMPALA-11281). However, it's possible that, before upgrade, some data-consumer jobs already have REFRESH in them. It'd be better to have a flag to allow such operations for smooth upgrade process.
The flag can be something like "allow_refresh_by_masked_users".
CC [~fangyurao], [~csringhofer]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)