[
https://issues.apache.org/jira/browse/SENTRY-848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anne Yu updated SENTRY-848:
---------------------------
Summary: [column level privilege] if grant user column level select
privilege, DESCRIBE FORMATTED table[.column] shouldn't require extra table
level privilege (was: [column level privilege] DESCRIBE FORMATTED test_tb.s
doesn't require table level privilege)
> [column level privilege] if grant user column level select privilege,
> DESCRIBE FORMATTED table[.column] shouldn't require extra table level
> privilege
> -----------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-848
> URL: https://issues.apache.org/jira/browse/SENTRY-848
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.5.1
> Reporter: Anne Yu
>
> {code}
> create table test_tb(s string, i int);
> grant select(s) on table test_tb to role test_role;
> grant role test_role to group test_user;
> {code}
> use test_user to login,
> {code}
> describe formatted test_tb s;
> Error: Error while compiling statement: FAILED: SemanticException No valid
> privileges
> Required privileges for this query:
> Server=server1->Db=test_db->Table=test_tb->action=insert;Server=server1->Db=test_db->Table=test_tb->action=select;
> (state=42000,code=40000)
> {code}
> How about describe [formatted] test_tb; do we allow test_user to list his
> permitted columns? for example,
> +-----------+------------+----------+--+
> | col_name | data_type | comment |
> +-----------+------------+----------+--+
> | s | string | |
> +-----------+------------+----------+--+
> 2 rows selected (0.167 seconds)
> However "ANALYZE TABLE test_tb COMPUTE STATISTICS FOR COLUMNS s" is allowed
> for test_user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
