[ https://issues.apache.org/jira/browse/IMPALA-7001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16584396#comment-16584396 ]

Fredy Wijaya commented on IMPALA-7001:
--------------------------------------

Thinking about this more, I think "show functions" should use ANY instead of 
VIEW_METADATA, similar to "show tables" and "show databases". Imagine a user who 
has a CREATE privilege on a database to create a function in that database but 
is not able to see what other functions are available, yet will get an 
AnalysisException when a function already exists.

> Privilege inconsistency between SHOW TABLES and SHOW FUNCTIONS
> --------------------------------------------------------------
>
>                 Key: IMPALA-7001
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7001
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Frontend
>    Affects Versions: Impala 2.10.0, Impala 2.11.0, Impala 2.12.0
>            Reporter: Fredy Wijaya
>            Priority: Major
>              Labels: security
>
>  
> {noformat}
> > grant create on database functional to role;
> > show tables in functional; -- this is allowed
> > show functions in functional;
> ERROR: AuthorizationException: User 'impdev' does not have privileges to access: functional
> {noformat}
> In "show tables", we use ANY privilege whereas we use VIEW_METADATA in "show 
> functions".
>  


