[ 
https://issues.apache.org/jira/browse/IMPALA-10122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fang-Yu Rao resolved IMPALA-10122.
----------------------------------
    Target Version: Impala 4.2.0
        Resolution: Fixed

Resolve this JIRA since the fix has been merged.

> Allow view authorization to be deferred until selection time
> ------------------------------------------------------------
>
>                 Key: IMPALA-10122
>                 URL: https://issues.apache.org/jira/browse/IMPALA-10122
>             Project: IMPALA
>          Issue Type: New Feature
>          Components: Frontend
>            Reporter: Fang-Yu Rao
>            Assignee: Fang-Yu Rao
>            Priority: Major
>
> Recall that currently Impala performs authorization with Ranger to check 
> whether the requesting user is granted the privilege of {{SELECT}} for the 
> underlying tables when a view is created and thus does not check whether the 
> requesting user is granted the {{SELECT}} privilege on the underlying tables 
> when the view is selected.
> On the other hand, currently a Spark user is not allowed to directly create a 
> view in HMS without involving the Impala frontend, because Spark clients are 
> normal users (vs. superusers). To relax this restriction, it would be good 
> to allow a Spark user to directly create a view in HMS without involving the 
> Impala frontend. However, it can be seen that the authorization check is 
> skipped for views created in this manner since HMS currently does not possess 
> the capability to perform the authorization. Due to this relaxation, for a 
> view created this way, the authorization of the view needs to be carried out 
> at the selection time to make sure the requesting user is indeed granted the 
> {{SELECT}} privileges on the underlying tables defined in the view.
> There is also a corresponding Hive JIRA at HIVE-24026. Refer to it for 
> further details.
>  



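The create-time versus selection-time check described in the issue, modeled as an added Python example (not Impala, Hive or Ranger code). The grants table, the `checked_at_creation` flag, the function names and the requirement of `SELECT` on the view itself are all assumptions made for illustration.

```python
"""Toy model of create-time vs. selection-time view authorization (constructed)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class View:
    name: str
    base_tables: tuple          # tables referenced by the view definition
    checked_at_creation: bool   # hypothetical flag: False when created directly in HMS

# Constructed sample grants: (user, object) pairs that hold SELECT.
GRANTS = {
    ("alice", "db.sales"), ("alice", "db.v_frontend"), ("alice", "db.v_hms"),
    ("bob", "db.v_frontend"), ("bob", "db.v_hms"),
}

def has_select(user, obj):
    return (user, obj) in GRANTS

def create_view_via_frontend(user, name, base_tables):
    """Create-time check: the creator must hold SELECT on every base table."""
    missing = [t for t in base_tables if not has_select(user, t)]
    if missing:
        raise PermissionError(f"{user} lacks SELECT on {missing}")
    return View(name, tuple(base_tables), checked_at_creation=True)

def create_view_in_hms(name, base_tables):
    """Direct creation in HMS: no authorization check runs at this point."""
    return View(name, tuple(base_tables), checked_at_creation=False)

def authorize_select(user, view, defer_to_selection=True):
    """Return True if `user` may select from `view`."""
    if not has_select(user, view.name):
        return False
    if view.checked_at_creation or not defer_to_selection:
        # Base tables were vetted at creation, or the deferred check is off.
        return True
    # Deferred check: the requesting user needs SELECT on every base table.
    return all(has_select(user, t) for t in view.base_tables)

if __name__ == "__main__":
    v = create_view_in_hms("db.v_hms", ["db.sales"])
    for user in ("alice", "bob"):
        print(user, authorize_select(user, v, defer_to_selection=False),
              authorize_select(user, v))
```

With `defer_to_selection=False`, the view created directly in HMS lets `bob` read `db.sales` through it without holding `SELECT` on that table; the deferred check closes that path while leaving views vetted at creation unchanged.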