Quanlong Huang created IMPALA-11744:
---------------------------------------
Summary: Table mask view should reserve the original column order in Hive
Key: IMPALA-11744
URL: https://issues.apache.org/jira/browse/IMPALA-11744
Project: IMPALA
Issue Type: Bug
Components: Security
Affects Versions: Impala 4.1.1, Impala 4.1.0, Impala 4.0.0
Reporter: Quanlong Huang
Assignee: Quanlong Huang
Ranger provides column masking and row filtering policies to mask sensitive
data for specified users/groups. When a table should be masked in a query,
Impala replaces it with a table mask view that exposes the columns with masked
expressions.
After IMPALA-9661, only selected columns are exposed in the table mask view.
However, the columns are exposed in the order that they are registered, which
can produce wrong results if the original statement contains STAR expressions.
The following example shows the issue:
{code:sql}
create table mask_test_tbl (a string, b string, c string, d string);
insert into mask_test_tbl values ("aaaa", "bbbb", "cccc", "dddd");
-- Create a column masking policy on column c using Redact
select * from mask_test_tbl;
+------+------+------+------+
| a    | b    | c    | d    |
+------+------+------+------+
| aaaa | bbbb | xxxx | dddd |
+------+------+------+------+
{code}
The following query produces incorrect results:
{code:sql}
select b, * from mask_test_tbl;
+------+------+------+------+------+
| b    | a    | b    | c    | d    |
+------+------+------+------+------+
| bbbb | bbbb | aaaa | xxxx | dddd |
+------+------+------+------+------+
{code}
Note that the results of the 2nd and 3rd columns are swapped.
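The following is an added example, not Impala's planner code and not part of the original report: a simplified Python model of the behaviour described above, showing how a mask view built in registration order mislabels STAR output and how keeping the table's column order avoids it. The function names, the positional binding of `*` to view columns, and the `x`-fill stand-in for the Redact policy are assumptions made for illustration.

```python
# Simplified model of the behaviour in IMPALA-11744 (assumed, not Impala code).
TABLE_COLS = ["a", "b", "c", "d"]          # declared order in mask_test_tbl
ROW = {"a": "aaaa", "b": "bbbb", "c": "cccc", "d": "dddd"}  # constructed row
MASKS = {"c": lambda v: "x" * len(v)}      # stand-in for the Redact policy on c


def registration_order(select_list):
    """Order in which the statement first references each column."""
    seen = []
    for item in select_list:
        for col in (TABLE_COLS if item == "*" else [item]):
            if col not in seen:
                seen.append(col)
    return seen


def build_mask_view(select_list, preserve_table_order):
    """Return the view's (name, value) columns, masked where a policy applies."""
    cols = registration_order(select_list)
    if preserve_table_order:
        # Proposed behaviour: expose columns in the table's declared order.
        cols.sort(key=TABLE_COLS.index)
    return [(c, MASKS.get(c, lambda v: v)(ROW[c])) for c in cols]


def run_query(select_list, preserve_table_order):
    """Evaluate the select list against the mask view.

    Assumption: '*' takes its labels from the base table schema and binds
    to the view's columns by position; named columns bind by name.
    """
    view = build_mask_view(select_list, preserve_table_order)
    by_name = dict(view)
    out = []
    for item in select_list:
        if item == "*":
            out += [(label, view[i][1]) for i, label in enumerate(TABLE_COLS)]
        else:
            out.append((item, by_name[item]))
    return out


if __name__ == "__main__":
    print("registration order:", run_query(["b", "*"], False))
    print("table order:       ", run_query(["b", "*"], True))
```
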