Ben Breakstone created IMPALA-7334:
--------------------------------------
Summary: Option to apply standard Sentry privileges to "default"
database
Key: IMPALA-7334
URL: https://issues.apache.org/jira/browse/IMPALA-7334
Project: IMPALA
Issue Type: New Feature
Components: Security
Affects Versions: Impala 2.9.0
Reporter: Ben Breakstone
In a Sentry-secured environment, the "default" database is a special exception
to the database privilege model. The "default" database is always returned by
"show databases", and "use default" always succeeds, regardless of what
privileges the user has on "default." However, Hive has an option to disable
this exception. When sentry.hive.restrict.defaultDB = true, users must have
privileges on the "default" database to show it or use it, just as with other
databases in Hive.
Impala does not have such an option. This feature request is for an equivalent
option in Impala, allowing the database privilege model to be applied uniformly
to the "default" database.
Although the security impact isn't enormous, some users do see the special
behavior of the "default" database as a security hole, so it's worth
implementing.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
