[
https://issues.apache.org/jira/browse/IMPALA-11743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803730#comment-17803730
]
Fang-Yu Rao edited comment on IMPALA-11743 at 1/6/24 12:16 AM:
---------------------------------------------------------------
This JIRA is related to IMPALA-12578 where we would like to pass to the Ranger
plug-in the owner of a resource involved in a GRANT/REVOKE statement.
Specifically, in the case when the resource is a user-defined function (UDF),
Impala has to load this piece of information when instantiating user-defined
functions in
[CatalogServiceCatalog.java#loadJavaFunctions()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java#L1812C16-L1836]
so that the owner of a UDF will be available in Impala's internal
representation of it, i.e.,
[Function.java|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/catalog/Function.java].
On a related note, in
[hive_metastore.thrift|https://github.com/apache/hive/blob/master/standalone-metastore/metastore-common/src/main/thrift/hive_metastore.thrift],
Hive already has a field of 'ownerName' for a user-defined function.
{code:java}
struct Function {
1: string functionName,
2: string dbName,
3: string className,
4: string ownerName,
5: PrincipalType ownerType,
6: i32 createTime,
7: FunctionType functionType,
8: list<ResourceUri> resourceUris,
9: optional string catName
}
{code}
On the other hand, when an authorized user is creating a persistent UDF via
Impala, Impala should also pass the requesting user as the owner of the UDF to
Hive MetaStore. This way Impala will be able to load the owner of a UDF in
CatalogServiceCatalog.java#loadJavaFunctions() mentioned above.
was (Author: fangyurao):
This JIRA is related to IMPALA-12578 where we would like to pass to the Ranger
plug-in the owner of a resource involved in a GRANT/REVOKE statement.
Specifically, in the case when the resource is a user-defined function (UDF),
Impala has to load this piece of information when instantiating user-defined
functions in
[CatalogServiceCatalog.java#loadJavaFunctions()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java#L1812C16-L1836]
so that the owner of a UDF will be available in Impala's internal
representation of it, i.e.,
[Function.java|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/catalog/Function.java].
On a related note, in
[hive_metastore.thrift|https://github.com/apache/hive/blob/master/standalone-metastore/metastore-common/src/main/thrift/hive_metastore.thrift],
Hive already has a field of 'ownerName' for a user-defined function.
{code:java}
struct Function {
1: string functionName,
2: string dbName,
3: string className,
4: string ownerName,
5: PrincipalType ownerType,
6: i32 createTime,
7: FunctionType functionType,
8: list<ResourceUri> resourceUris,
9: optional string catName
}
{code}
> Investigate how to support the OWNER privilege for UDFs in Impala
> -----------------------------------------------------------------
>
> Key: IMPALA-11743
> URL: https://issues.apache.org/jira/browse/IMPALA-11743
> Project: IMPALA
> Issue Type: New Feature
> Components: Frontend
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Major
>
> Currently in Impala a user allowed to create a UDF in a database still has to
> be explicitly granted the necessary privileges to execute the UDF later in a
> SELECT query. It would be more convenient if the ownership information of a
> UDF could also be retrieved during the query analysis of such SELECT queries
> so that the owner/creator of a UDF will be allowed to execute the UDF without
> being explicitly granted the necessary privileges on the UDF.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
