[
https://issues.apache.org/jira/browse/IMPALA-10478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexandra Dunai updated IMPALA-10478:
-------------------------------------
Description:
SHOW DATABASES and USE works for default database for user who has no privilege
to anything, however SHOW TABLES does not work, which has the exact same
privilege-object relation as the others (ANY-TABLE).
SHOW DATABASES only shows default database in this case (the rest are masked
out), which is the only one he can use however its inconsistent in the case of
SHOW TABLES which throws an unauthorised.
Steps to recreate:
1. Enter impala-shell with user that has no privileges added.
2. Run query "SHOW DATABASES"/'USE default"/"SHOW TABLES".
Expected result:
impala-shell returns an unauthorised for all the above queries.
Actual result:
SHOW DATABASES show default database
USE default works.
SHOW TABLES - authorisation exception
It is understandable that show databases and use work on the default database,
however in this case that makes the authorisation exception that SHOW TABLES
throws when queries on the default database inconsistent.
Reference used:
[https://impala.apache.org/docs/build/html/topics/impala_authorization.html#authorization]
was:
SHOW DATABASES and USE works for default database for user who has no privilege
to anything, however SHOW TABLES does not work, which has the exact same
privilege-object relation as the others (ANY-TABLE).
SHOW DATABASES only shows default database in this case (the rest are masked
out), which is the only one he can use however its inconsistent in the case of
SHOW TABLES which throws an unauthorised.
Steps to recreate:
1. Enter impala-shell with user that has no privileges added.
2. Run query "SHOW DATABASES"/'USE default"/"SHOW TABLES".
Expected result:
impala-shell returns an unauthorised for all the above queries.
Actual result:
SHOW DATABASES show default database
USE default works.
SHOW TABLES - authorisation exception
SHOW CREATE FUNCTION round - works.
It is understandable that show databases and use work on the default database,
however in this case that makes the authorisation exception that SHOW TABLES
throws when queries on the default database inconsistent.
Reference used:
[https://impala.apache.org/docs/build/html/topics/impala_authorization.html#authorization]
> Inconsistencies when user without any privilage uses SHOW TABLES, USE and
> SHOW DATABASES.
> -----------------------------------------------------------------------------------------
>
> Key: IMPALA-10478
> URL: https://issues.apache.org/jira/browse/IMPALA-10478
> Project: IMPALA
> Issue Type: Bug
> Reporter: Alexandra Dunai
> Assignee: Fang-Yu Rao
> Priority: Major
>
> SHOW DATABASES and USE works for default database for user who has no
> privilege to anything, however SHOW TABLES does not work, which has the exact
> same privilege-object relation as the others (ANY-TABLE).
> SHOW DATABASES only shows default database in this case (the rest are masked
> out), which is the only one he can use however its inconsistent in the case
> of SHOW TABLES which throws an unauthorised.
> Steps to recreate:
> 1. Enter impala-shell with user that has no privileges added.
> 2. Run query "SHOW DATABASES"/'USE default"/"SHOW TABLES".
> Expected result:
> impala-shell returns an unauthorised for all the above queries.
> Actual result:
> SHOW DATABASES show default database
> USE default works.
> SHOW TABLES - authorisation exception
> It is understandable that show databases and use work on the default
> database, however in this case that makes the authorisation exception that
> SHOW TABLES throws when queries on the default database inconsistent.
> Reference used:
> [https://impala.apache.org/docs/build/html/topics/impala_authorization.html#authorization]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
