You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Xiaomin Zhang (Jira)" <ji...@apache.org> on 2019/12/29 08:05:00 UTC
[jira] [Created] (IMPALA-9269) Explain on view not allowed with all
column granted on the underlying table
Xiaomin Zhang created IMPALA-9269:
-------------------------------------
Summary: Explain on view not allowed with all column granted on the underlying table
Key: IMPALA-9269
URL: https://issues.apache.org/jira/browse/IMPALA-9269
Project: IMPALA
Issue Type: Bug
Components: Security
Reporter: Xiaomin Zhang
This issue is initially reported in IMPALA-5998 but was marked as "cannot reproduce". I encountered this exact same issue on the upstream:
[localhost:21000] default> show current roles;
Query: show current roles
+-----------+
| role_name |
+-----------+
| guest |
+-----------+
Fetched 1 row(s) in 0.05s
[localhost:21000] default> show grant role guest;
Query: show grant role guest
+----------+------------------+-------+--------+-----+-----------+--------------+-------------------------------+
| scope | database | table | column | uri | privilege | grant_option | create_time |
+----------+------------------+-------+--------+-----+-----------+--------------+-------------------------------+
| database | _impala_builtins | | | | select | false | Fri, Dec 13 2019 13:45:00.917 |
| database | default | | | | all | false | Tue, Dec 10 2019 15:43:50.497 |
| column | tpch | test | c | | select | false | Fri, Dec 13 2019 09:43:21.112 |
+----------+------------------+-------+--------+-----+-----------+--------------+-------------------------------+
Fetched 3 row(s) in 0.01s
[localhost:21000] default> show create table tpch.test;
Query: show create table tpch.test
ERROR: AuthorizationException: User 'test' does not have privileges to access: tpch.test
[localhost:21000] default> select * from tpch.test;
Query: select * from tpch.test
Query submitted at: 2019-12-29 15:56:37 (Coordinator: http://dnode:25000)
Query progress can be monitored at: http://dnode:25000/query_plan?query_id=234e59a328fc8046:e78b625d00000000
+-----+
| c |
+-----+
| 100 |
+-----+
Fetched 1 row(s) in 0.23s
[localhost:21000] default> create view test_view as select * from tpch.test;
Query: create view test_view as select * from tpch.test
Query submitted at: 2019-12-29 15:57:02 (Coordinator: http://dnode:25000)
Query progress can be monitored at: http://dnode:25000/query_plan?query_id=ee48927ef97bdc09:1ec2396100000000
+------------------------+
| summary |
+------------------------+
| View has been created. |
+------------------------+
Fetched 1 row(s) in 0.12s
[localhost:21000] default> select * from test_view;
Query: select * from test_view
Query submitted at: 2019-12-29 15:57:07 (Coordinator: http://dnode:25000)
Query progress can be monitored at: http://dnode:25000/query_plan?query_id=5742d31eee7501ab:2945693500000000
+-----+
| c |
+-----+
| 100 |
+-----+
Fetched 1 row(s) in 5.40s
[localhost:21000] default> explain select * from test_view;
Query: explain select * from test_view
ERROR: AuthorizationException: User 'test' does not have privileges to EXPLAIN this statement.
[localhost:21000] default> show create view test_view;
Query: show create view test_view
ERROR: AuthorizationException: User 'test' does not have privileges to see the definition of view 'default.test_view'.
I think there are 2 issues here:
1) User could not see the VIEW definition after creating it
2) User could not explain the VIEW, even with all columns granted
--
This message was sent by Atlassian Jira
(v8.3.4#803005)