You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Anne Yu (JIRA)" <ji...@apache.org> on 2015/08/25 23:54:45 UTC
[jira] [Commented] (SENTRY-846) [column level privilege] show
table extended requires table level privilege
[ https://issues.apache.org/jira/browse/SENTRY-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14712045#comment-14712045 ]
Anne Yu commented on SENTRY-846:
--------------------------------
Just synced up with some dev members: could we allow all meta data operations on the table to pass even if a user has access to only a subset of columns. In this case, with column level privileges, he can "show table extended in test_db like 'test_tb';", even with all columns'meta data.
> [column level privilege] show table extended requires table level privilege
> ----------------------------------------------------------------------------
>
> Key: SENTRY-846
> URL: https://issues.apache.org/jira/browse/SENTRY-846
> Project: Sentry
> Issue Type: Bug
> Components: Hive Plugin
> Affects Versions: 1.5.1
> Reporter: Anne Yu
>
> use column level privilege,
> {code}
> 0: jdbc:hive2://anneyu-cdh55-1.vpc.cloudera.c> show tables in test_db like 'test_tb';
> +-----------+--+
> | tab_name |
> +-----------+--+
> | test_tb |
> +-----------+--+
> show table extended in test_db like 'test_tb';
> Error: Error while compiling statement: FAILED: SemanticException No valid privileges
> Required privileges for this query: Server=server1->Db=test_db->Table=test_tb->action=insert;Server=server1->Db=test_db->Table=test_tb->action=select; (state=42000,code=40000)
> {code}
> Do we want to let user see their column info ? such as,
> {noformat}
> columns:struct columns { string s, i32 i}
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)