Quanlong Huang created IMPALA-10483:
---------------------------------------

             Summary: Support column-masking/row-filtering policy expressions 
that contain subqueries
                 Key: IMPALA-10483
                 URL: https://issues.apache.org/jira/browse/IMPALA-10483
             Project: IMPALA
          Issue Type: New Feature
          Components: Security
            Reporter: Quanlong Huang


Row-filtering policies are applied as the WHERE clause of the table masking 
view of the base table/view. E.g. if table "tblA" contains a row-filtering 
policy "id=0", the original query "{{select * from tblA join tblB on (id)}}" 
will be analyzed as
{code:sql}
select * from (
  select col1, col2, ..., colN from tblA where id = 0
) v join tblB on (id)
{code}
The row-filtering policy expression can also use subqueries, e.g. "{{id = 
(select min(id) from tblC)}}". However, if the WHERE clause introduces 
subqueries, it will introduce new tables whose metadata is not loaded in the 
Analyzer's StmtTableCache. The Analyzer will then fail to resolve them and raise 
AuthorizationExceptions complaining that the user doesn't have the privilege to 
SELECT those tables.

One solution is to collect the tables introduced by subqueries of 
column-masking/row-filtering expressions and also load them in 
{{StmtMetadataLoader#loadTables()}}.
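
The gap described above, as a small Python model added here (not Impala's Java code and not part of the original issue): the set of tables loaded before analysis is computed from the original query text, while the row filter is injected afterwards, so a table named only in the policy subquery is missing at resolution time. The policy store, the regex-based table extractor and all function names are assumptions made for illustration.

```python
import re

# Constructed policy store (table -> row-filter expression); the format is hypothetical.
ROW_FILTERS = {"tbla": "id = (select min(id) from tblC)"}

# Toy extractor: an identifier that follows FROM or JOIN. Not a SQL parser.
TABLE_REF = re.compile(r"\b(from|join)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)

def referenced_tables(sql):
    """Lower-cased table names referenced directly in the SQL text."""
    return {m.group(2).lower() for m in TABLE_REF.finditer(sql)}

def tables_to_load(sql, include_policy_tables):
    """Stand-in for the tables whose metadata is loaded before analysis."""
    tables = referenced_tables(sql)
    if include_policy_tables:  # the solution proposed in the issue
        for tbl in list(tables):
            tables |= referenced_tables(ROW_FILTERS.get(tbl, ""))
    return tables

def apply_row_filters(sql):
    """Wrap each filtered table in a masking view whose WHERE clause is the policy."""
    def wrap(m):
        expr = ROW_FILTERS.get(m.group(2).lower())
        if expr is None:
            return m.group(0)
        return f"{m.group(1)} (select * from {m.group(2)} where {expr}) v"
    return TABLE_REF.sub(wrap, sql)

def unresolved_tables(sql, include_policy_tables):
    """Tables the rewritten query needs that were never loaded.

    In the issue, this is the point where the Analyzer raises an
    AuthorizationException instead of resolving the table.
    """
    cache = tables_to_load(sql, include_policy_tables)
    return sorted(referenced_tables(apply_row_filters(sql)) - cache)

QUERY = "select * from tblA join tblB on (id)"  # query from the issue text

if __name__ == "__main__":
    print(apply_row_filters(QUERY))
    print("policy tables not collected:", unresolved_tables(QUERY, False))
    print("policy tables collected:    ", unresolved_tables(QUERY, True))
```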


