You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Fang-Yu Rao (Jira)" <ji...@apache.org> on 2019/09/16 22:28:00 UTC
[jira] [Comment Edited] (IMPALA-8587) Show inherited privileges in
show grant w/ Ranger
[ https://issues.apache.org/jira/browse/IMPALA-8587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930910#comment-16930910 ]
Fang-Yu Rao edited comment on IMPALA-8587 at 9/16/19 10:27 PM:
---------------------------------------------------------------
After testing the proposed patch, I found that even we log in to impalad via Impala shell as a non-Ranger super user, the execution of that SQL user could still succeed. For example, if we log in to impalad as a user using
{code:java}
./bin/impala-shell.sh -u random_user;
{code}
The SQL statement in the following could still succeed.
{code:java}
show grant user admin on database functional;
{code}
This seems like a bug since a user that does not correspond to a Ranger super user should not be able to execute this SQL statement successfully.
was (Author: fangyurao):
After testing the proposed patch, I found that even we log in to impalad via Impala shell as a non-Ranger super user, the execution of that SQL user could still succeed. For example, if we log in to impalad as a user using
{code:java}
./bin/impala-shell.sh -u random_user;
{code}
The SQL statement in the following could still succeed.
{code:java}
show grant user admin on database functional;
{code}
This seems like a bug.
> Show inherited privileges in show grant w/ Ranger
> -------------------------------------------------
>
> Key: IMPALA-8587
> URL: https://issues.apache.org/jira/browse/IMPALA-8587
> Project: IMPALA
> Issue Type: Sub-task
> Components: Frontend
> Reporter: Austin Nobis
> Assignee: Fang-Yu Rao
> Priority: Critical
>
> If an admin has privileges from:
> *grant all on server to user admin;*
>
> Currently the command below will show no results:
> *show grant user admin on database functional;*
>
> After the change, the user should see server level privileges from:
> *show grant user admin on database functional;*
>
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org