[
https://issues.apache.org/jira/browse/IMPALA-6479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16758588#comment-16758588
]
ASF subversion and git services commented on IMPALA-6479:
---------------------------------------------------------
Commit b795a2c71cec33363fcce116fcb7e00364903c3a in impala's branch
refs/heads/2.x from Adam Holley
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=b795a2c ]
IMPALA-6479: Update DESCRIBE to respect column privileges
Modified the Frontend to filter columns from the DESCRIBE
statement. Additionally, if a user has select on at least
one column, they can run DESCRIBE and see most metadata.
If they do not have full table access, they will not see
location or view query metadata.
Testing:
Added tests to validate users that have one or more column
access can run describe and that the output is filtered
accordingly.
Change-Id: Ic96ae184fccdc88ba970b5adcd501da1966accb9
Reviewed-on: http://gerrit.cloudera.org:8080/9276
Reviewed-by: Alex Behm <alex.b...@cloudera.com>
Tested-by: Impala Public Jenkins
Reviewed-on: http://gerrit.cloudera.org:8080/12292
Reviewed-by: Fredy Wijaya <fwij...@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
> Update DESCRIBE statement to respect column level privileges
> ------------------------------------------------------------
>
> Key: IMPALA-6479
> URL: https://issues.apache.org/jira/browse/IMPALA-6479
> Project: IMPALA
> Issue Type: Improvement
> Components: Frontend
> Reporter: Adam Holley
> Assignee: Adam Holley
> Priority: Major
> Fix For: Impala 3.0
>
>
> Currently if a user is granted select on a subset of columns on a table, the
> DESCRIBE command will show them all columns, and the DESCRIBE
> FORMATTED/EXTENDED is not allowed.
> This change would update the DESCRIBE command that if a user has select on a
> subset of columns, it will only show the data from the columns the user has
> access to. For DESCRIBE FORMATTED/EXTENDED, if a user has some column
> access, but not all columns, the Location, and View * Text would be removed
> from the additional metadata.
> The purpose of this change is to increase consumability by allowing tools
> that allow users to browse data, such a for creating reports, to present only
> columns they have access to. There is also a security aspect to this fix by
> not exposing additional data. Other statements such a SHOW COLUMN STATS,
> will be handled by a separate Jira to be opened.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org
