You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Gabor Kaszab (Jira)" <ji...@apache.org> on 2023/06/07 11:55:00 UTC
[jira] [Updated] (IMPALA-12190) Renaming table will cause losing privileges for non-admin users
[ https://issues.apache.org/jira/browse/IMPALA-12190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gabor Kaszab updated IMPALA-12190:
----------------------------------
Priority: Critical (was: Major)
> Renaming table will cause losing privileges for non-admin users
> ---------------------------------------------------------------
>
> Key: IMPALA-12190
> URL: https://issues.apache.org/jira/browse/IMPALA-12190
> Project: IMPALA
> Issue Type: Bug
> Components: Catalog
> Reporter: Gabor Kaszab
> Priority: Critical
> Labels: alter-table, authorization, ranger
>
> Let's say user 'a' gets some privileges on table 't'. When this table gets renamed (even by user 'a') then user 'a' loses its privileges on that table.
>
> Repro steps:
> # Start impala with Ranger
> # start impala-shell as admin (-u admin)
> # create table tmp (i int, s string) stored as parquet;
> # grant all on table tmp to user <username>;
> # grant all on table tmp to user <username>;
> {code:java}
> Query: show grant user <username> on table tmp
> +----------------+----------------+----------+-------+--------+-----+--------------+-------------+-----+-----------+--------------+-------------+
> | principal_type | principal_name | database | table | column | uri | storage_type | storage_uri | udf | privilege | grant_option | create_time |
> +----------------+----------------+----------+-------+--------+-----+--------------+-------------+-----+-----------+--------------+-------------+
> | USER | <username> | default | tmp | * | | | | | all | false | NULL |
> +----------------+----------------+----------+-------+--------+-----+--------------+-------------+-----+-----------+--------------+-------------+
> Fetched 1 row(s) in 0.01s {code}
> # alter table tmp rename to tmp_1234;
> # show grant user <username> on table tmp_1234;
> {code:java}
> Query: show grant user <username> on table tmp_1234
> Fetched 0 row(s) in 0.17s{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org