[jira] [Commented] (IMPALA-11743) Investigate how to support the OWNER privilege for UDFs in Impala

[Fang-Yu Rao (Jira)]

    [ 
https://issues.apache.org/jira/browse/IMPALA-11743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803730#comment-17803730
 ] 

Fang-Yu Rao commented on IMPALA-11743:
--------------------------------------

This JIRA is related to IMPALA-12578 where we would like to pass to the Ranger 
plug-in the owner of a resource involved in a GRANT/REVOKE statement.

Specifically, in the case when the resource is a user-defined function (UDF), 
Impala has to load this piece of information when instantiating user-defined 
functions in 
[CatalogServiceCatalog.java#loadJavaFunctions()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java#L1812C16-L1836]
 so that the owner of a UDF will be available in Impala's internal 
representation of it, i.e., 
[Function.java|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/catalog/Function.java].

On a related note, in 
[hive_metastore.thrift|https://github.com/apache/hive/blob/master/standalone-metastore/metastore-common/src/main/thrift/hive_metastore.thrift],
 Hive already has a field of 'ownerName' for a user-defined function.
{code:java}
struct Function {
  1: string           functionName,
  2: string           dbName,
  3: string           className,
  4: string           ownerName,
  5: PrincipalType    ownerType,
  6: i32              createTime,
  7: FunctionType     functionType,
  8: list<ResourceUri> resourceUris,
  9: optional string  catName
}
{code}
 

> Investigate how to support the OWNER privilege for UDFs in Impala
> -----------------------------------------------------------------
>
>                 Key: IMPALA-11743
>                 URL: https://issues.apache.org/jira/browse/IMPALA-11743
>             Project: IMPALA
>          Issue Type: New Feature
>          Components: Frontend
>            Reporter: Fang-Yu Rao
>            Assignee: Fang-Yu Rao
>            Priority: Major
>
> Currently in Impala a user allowed to create a UDF in a database still has to 
> be explicitly granted the necessary privileges to execute the UDF later in a 
> SELECT query. It would be more convenient if the ownership information of a 
> UDF could also be retrieved during the query analysis of such SELECT queries 
> so that the owner/creator of a UDF will be allowed to execute the UDF without 
> being explicitly granted the necessary privileges on the UDF.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org