[ 
https://issues.apache.org/jira/browse/IMPALA-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Quanlong Huang updated IMPALA-10415:
------------------------------------
    Comment: was deleted

(was: Hit a similar crash that may be due to the same cause:
{code:java}
[localhost:21050] default> set disable_codegen=true; select "李小龙";
DISABLE_CODEGEN set to true
Traceback (most recent call last):
  File "/home/quanlong/workspace/Impala/shell/impala_shell.py", line 2062, in <module>
    impala_shell_main()
  File "/home/quanlong/workspace/Impala/shell/impala_shell.py", line 2027, in impala_shell_main
    shell.cmdloop(intro)
  File "/home/quanlong/workspace/Impala/toolchain/toolchain-packages-gcc7.5.0/python-2.7.16/lib/python2.7/cmd.py", line 141, in cmdloop
    line = self.precmd(line)
  File "/home/quanlong/workspace/Impala/shell/impala_shell.py", line 631, in precmd
    args = self.sanitise_input(args.decode('utf-8'))  # python2
  File "/home/quanlong/workspace/Impala/infra/python/env-gcc7.5.0/lib/python2.7/encodings/utf_8.py", line 16, in decode
    return codecs.utf_8_decode(input, errors, True)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 8-10: ordinal not in range(128){code})

> SHOW GRANT statement should perform a check for requesting user
> ---------------------------------------------------------------
>
>                 Key: IMPALA-10415
>                 URL: https://issues.apache.org/jira/browse/IMPALA-10415
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Frontend, Security
>            Reporter: Quanlong Huang
>            Assignee: Fang-Yu Rao
>            Priority: Major
>              Labels: backwards-compatibility, security
>
> We found that the {{SHOW GRANT}} statement does not really perform a check 
> for the requesting user to determine whether the requesting user is 
> authorized to access the result. Specifically, there is no such check in 
> [RangerImpaladAuthorizationManager#getPrivileges()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java#L340-L403].
> Recall that such a check was performed when we were using Sentry as the 
> authorization provider. Refer to 
> [SentryImpaladAuthorizationManager#getPrivileges()|https://gerrit.cloudera.org/c/15833/8/fe/src/main/java/org/apache/impala/authorization/sentry/SentryImpaladAuthorizationManager.java#b203].
> Such an issue is partly due to the fact that we do not have a dedicated 
> Ranger API to check whether a user is a Ranger administrator, which is also 
> currently tracked at 
> [RANGER-3127|https://issues.apache.org/jira/browse/RANGER-3127].



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
