[
https://issues.apache.org/jira/browse/IMPALA-7676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16648153#comment-16648153
]
Fredy Wijaya commented on IMPALA-7676:
--------------------------------------
IMPALA-7676: DESCRIBE on table should require VIEW_METADATA privilege
IMPALA-6479 broke the DESCRIBE's privilege model by changing the
privilege from VIEW_METADATA to ANY in order to support column-level
privileges in DESCRIBE. This caused an issue where having
non-VIEW_METADATA privilege, such as CREATE privilege on a particular
database, allows executing a DESCRIBE statement on all tables in the
database. This behavior is also inconsistent with Hive's DESCRIBE
and Impala's DESCRIBE DATABASE privilege models. Although there is not
any security risk for this particular issue since having
non-VIEW_METADATA on a particular database always returns an empty result,
fixing this issue will make the behavior consistent with Hive and also
DESCRIBE DATABASE in Impala. This patch fixes the issue by changing the
privilege requirement back from ANY to VIEW_METADATA.
Testing:
- Ran all FE tests
Change-Id: I283e30ebff6d61e779a4cec8284cae0ccb90cc49
Reviewed-on: http://gerrit.cloudera.org:8080/11617
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> DESCRIBE on table should require VIEW_METADATA privilege
> --------------------------------------------------------
>
> Key: IMPALA-7676
> URL: https://issues.apache.org/jira/browse/IMPALA-7676
> Project: IMPALA
> Issue Type: Bug
> Affects Versions: Impala 3.0, Impala 2.12.0
> Reporter: Fredy Wijaya
> Assignee: Fredy Wijaya
> Priority: Major
> Labels: security
> Fix For: Impala 3.1.0
>
>
> Assume there exists a table foo.bar.
> {noformat}
> [localhost:21000] default> create role foo_role;
> [localhost:21000] default> grant role foo_role to group test_user;
> [localhost:21000] default> grant create on database foo to role foo_role;
> [localhost:21000] default> describe foo.bar;
> Query: describe foo.bar
> Fetched 0 row(s) in 0.01s
> {noformat}
> Let's contrast this with "describe database".
> {noformat}
> [localhost:21000] default> grant create on server to role foo_role;
> [localhost:21000] default> describe database functional;
> Query: describe database functional
> ERROR: AuthorizationException: User 'test_user' does not have privileges to
> access: functional
> {noformat}
> The "describe table" behavior is inconsistent with "describe database" and
> it's also not a good idea having "create" privilege on a particular table to
> allow issuing "describe table" on another table although no information is
> shown on another table. This is also to make the behavior consistent with
> Hive.
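
The difference between the two privilege requirements discussed in this message, as an added example that is not Impala's code: a simplified model in which a grant covers its scope and everything beneath it (server > database > table). The set of privileges taken to satisfy VIEW_METADATA, the function names, and the table `functional.t` are assumptions of this sketch.

```python
# Simplified model of the DESCRIBE authorization check (not Impala code).
# Assumption: VIEW_METADATA is satisfied by ALL, SELECT, INSERT or REFRESH,
# while ANY is satisfied by every privilege, including CREATE.
ALL_PRIVILEGES = {"ALL", "ALTER", "CREATE", "DROP", "INSERT", "REFRESH", "SELECT"}
SATISFIES = {
    "ANY": ALL_PRIVILEGES,
    "VIEW_METADATA": {"ALL", "SELECT", "INSERT", "REFRESH"},
}

# A scope is a tuple: () is the server, ("foo",) a database,
# ("foo", "bar") a table. A grant covers a target when its scope is a prefix.


def is_authorized(grants, required, target):
    """True if any grant both satisfies `required` and covers `target`."""
    allowed = SATISFIES[required]
    return any(
        privilege in allowed and target[: len(scope)] == scope
        for privilege, scope in grants
    )


def describe_audit(grants, tables):
    """Tables that pass the ANY check but fail the VIEW_METADATA check."""
    return [
        table
        for table in tables
        if is_authorized(grants, "ANY", table)
        and not is_authorized(grants, "VIEW_METADATA", table)
    ]


# Constructed grants mirroring the report: CREATE on database foo only.
FOO_ROLE = [("CREATE", ("foo",))]
# Constructed table list; functional.t is a hypothetical table name.
TABLES = [("foo", "bar"), ("functional", "t")]

if __name__ == "__main__":
    for table in describe_audit(FOO_ROLE, TABLES):
        print("DESCRIBE %s: allowed under ANY, denied under VIEW_METADATA"
              % ".".join(table))
```

Run against a role's real grant list, `describe_audit` shows which tables a role could issue DESCRIBE on under the ANY requirement that it can no longer reach once VIEW_METADATA is required.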