Posted to issues@kudu.apache.org by "Grant Henke (Jira)" <ji...@apache.org> on 2020/06/03 16:12:00 UTC

[jira] [Updated] (KUDU-3077) Have client scanners prune the default projection based on the contents of their authz tokens

     [ https://issues.apache.org/jira/browse/KUDU-3077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Grant Henke updated KUDU-3077:
------------------------------
    Labels: usability  (was: )

> Have client scanners prune the default projection based on the contents of their authz tokens
> ---------------------------------------------------------------------------------------------
>
>                 Key: KUDU-3077
>                 URL: https://issues.apache.org/jira/browse/KUDU-3077
>             Project: Kudu
>          Issue Type: Improvement
>          Components: client, security
>            Reporter: Andrew Wong
>            Priority: Major
>              Labels: usability
>
> Today, if a scan is sent that contains a column that, per the sender's authz token, the sender isn't authorized to see, the entire scan is rejected. This is all well and good, but users may not be privy to what columns they are or aren't allowed to scan. So, when the default projection is used (which scans all columns), the scan is bound to be rejected if there are any privilege restrictions.
> It'd be significantly more user-friendly if clients opaquely pruned the default projection of unauthorized columns so that (assuming the authz token is valid) default scans always succeed with just the columns the user is authorized to see.
> Special care should be taken if the user has no column privileges, though; passing an empty projection is taken to return the count of rows (which requires the same privileges as {{COUNT(*)}} which requires the same privileges as {{SELECT(*)}}, i.e. {{SELECT ON TABLE}}) rather than an empty set of rows. In such a case, clients should probably fail immediately, since there are no table privileges and no column privileges in the authz token so any scan would be bound to fail.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
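
The pruning rule proposed in the issue, sketched as an added example (not Kudu client code and not from the reporter). `AuthzToken`, `ServerAuthorizesScan` and `PruneDefaultProjection` are hypothetical names, and the token is modeled, as an assumption, as a table-wide scan flag plus a set of scannable column names.

```cpp
#include <set>
#include <string>
#include <vector>

// Hypothetical model of the privileges carried in an authz token.
struct AuthzToken {
    bool scan_table = false;             // table-wide scan privilege (SELECT ON TABLE)
    std::set<std::string> scan_columns;  // per-column scan privileges
};

using Projection = std::vector<std::string>;

// Server-side check as the issue describes it: one unauthorized column
// rejects the whole scan, and an empty projection is a row count, which
// needs the table-wide privilege.
bool ServerAuthorizesScan(const AuthzToken& token, const Projection& projection) {
    if (token.scan_table) return true;
    if (projection.empty()) return false;
    for (const auto& col : projection) {
        if (token.scan_columns.count(col) == 0) return false;
    }
    return true;
}

// Proposed client-side pruning of the default (all-columns) projection.
// Returns false when nothing in the schema is scannable, so the caller
// fails immediately instead of sending an empty projection (a row count).
bool PruneDefaultProjection(const AuthzToken& token,
                            const Projection& all_columns,
                            Projection* pruned) {
    pruned->clear();
    if (token.scan_table) {
        *pruned = all_columns;
        return true;
    }
    for (const auto& col : all_columns) {  // keeps schema column order
        if (token.scan_columns.count(col) != 0) pruned->push_back(col);
    }
    // Checked on the result, not on the token: a token that only names
    // columns absent from this schema must fail the same way.
    return !pruned->empty();
}
```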