You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Fang-Yu Rao (Jira)" <ji...@apache.org> on 2019/09/16 22:28:00 UTC

[jira] [Comment Edited] (IMPALA-8587) Show inherited privileges in show grant w/ Ranger

    [ https://issues.apache.org/jira/browse/IMPALA-8587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930910#comment-16930910 ] 

Fang-Yu Rao edited comment on IMPALA-8587 at 9/16/19 10:27 PM:
---------------------------------------------------------------

After testing the proposed patch, I found that even we log in to impalad via Impala shell as a non-Ranger super user, the execution of that SQL user could still succeed. For example, if we log in to impalad as a user using
{code:java}
./bin/impala-shell.sh -u random_user;
{code}
The SQL statement in the following could still succeed.
{code:java}
show grant user admin on database functional;
{code}
This seems like a bug since a user that does not correspond to a Ranger super user should not be able to execute this SQL statement successfully.


was (Author: fangyurao):
After testing the proposed patch, I found that even we log in to impalad via Impala shell as a non-Ranger super user, the execution of that SQL user could still succeed. For example, if we log in to impalad as a user using
{code:java}
./bin/impala-shell.sh -u random_user;
{code}
The SQL statement in the following could still succeed.
{code:java}
show grant user admin on database functional;
{code}
This seems like a bug.

> Show inherited privileges in show grant w/ Ranger
> -------------------------------------------------
>
>                 Key: IMPALA-8587
>                 URL: https://issues.apache.org/jira/browse/IMPALA-8587
>             Project: IMPALA
>          Issue Type: Sub-task
>          Components: Frontend
>            Reporter: Austin Nobis
>            Assignee: Fang-Yu Rao
>            Priority: Critical
>
> If an admin has privileges from:
> *grant all on server to user admin;*
>  
> Currently the command below will show no results:
> *show grant user admin on database functional;*
>  
> After the change, the user should see server level privileges from:
> *show grant user admin on database functional;*
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org