You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/07/20 09:37:00 UTC

[jira] [Commented] (IMPALA-7001) Privilege inconsistency between SHOW TABLES and SHOW FUNCTIONS

    [ https://issues.apache.org/jira/browse/IMPALA-7001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17161073#comment-17161073 ] 

ASF subversion and git services commented on IMPALA-7001:
---------------------------------------------------------

Commit 472f49705d9db315e5704b49e3eda7eed95bd921 in impala's branch refs/heads/master from Adam Tamas
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=472f497 ]

IMPALA-7001: Fix Privilege inconsistency between SHOW TABLES and SHOW FUNCTIONS

In "show tables" ANY privilege was used, whereas in "show functions"
the required privilege was VIEW_METADATA.
To solve the inconsistency "show functions" will use ANY instead of
VIEW_METADATA similar to "show tables".

After this, an user granted only the privilege of CREATE is now able to
execute "show functions" after this patch, making it easier for the
user to manage the functions it creates.

Testing:
-Ran CORE tests.
-Added new tests to check the privilege.

Change-Id: I9ae7546c206daaf98ecc3de449069027c43c6e1a
Reviewed-on: http://gerrit.cloudera.org:8080/16199
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


> Privilege inconsistency between SHOW TABLES and SHOW FUNCTIONS
> --------------------------------------------------------------
>
>                 Key: IMPALA-7001
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7001
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Frontend
>    Affects Versions: Impala 2.10.0, Impala 2.11.0, Impala 2.12.0
>            Reporter: Fredy Wijaya
>            Assignee: Adam Tamas
>            Priority: Major
>              Labels: newbie, security
>
>  
> {noformat}
> > grant create on database functional to role;
> > show tables in functional; -- this is allowed
> > show functions in functional;
> ERROR: AuthorizationException: User 'impdev' does not have privileges to access: functional
> {noformat}
> In "show tables", we use ANY privilege whereas we use VIEW_METADATA in "show functions".
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org