You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Quanlong Huang (Jira)" <ji...@apache.org> on 2021/02/08 03:16:00 UTC

[jira] [Created] (IMPALA-10483) Support column-masking/row-filtering policy expressions that contain subqueries

Quanlong Huang created IMPALA-10483:
---------------------------------------

             Summary: Support column-masking/row-filtering policy expressions that contain subqueries
                 Key: IMPALA-10483
                 URL: https://issues.apache.org/jira/browse/IMPALA-10483
             Project: IMPALA
          Issue Type: New Feature
          Components: Security
            Reporter: Quanlong Huang


Row-filtering policies are applied as the WHERE clause of the table masking view of the base table/view. E.g. if table "tblA" contains a row-filtering policy "id=0", the original query "{{select * from tblA join tblB on (id)}}" will be analyzed as
{code:sql}
select * from (
  select col1, col2, ..., colN from tblA where id = 0
) v join tblB on (id)
{code}
The row-filtering policy expression can also use subqueries, e.g. "{{id = (select min(id) from tblC)}}". However, if the WHERE clause introduces subqueries, it will introduce new tables whose metadata is not loaded in Analyzer's StmtTableCache. So the Analyzer will fail to resolve them and raise AuthorizationExceptions complaining user doesn't have privilege to SELECT those tables.

One solution is collecting tables introduced by subqueries of Column-masking/Row-filtering expressions and also load them in {{StmtMetadataLoader#loadTables()}}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)