[
https://issues.apache.org/jira/browse/IMPALA-14507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fang-Yu Rao updated IMPALA-14507:
---------------------------------
Description:
Currently Impala requires a requesting user to have the INSERT privilege on a
table, if the requesting user wants to insert a row into the table, even when
the requesting user only wants to insert values into some but not all columns
in the target table. For instance, consider the following query. It may be less
restrictive from a user's perspective, if the requesting user only needs the
INSERT privileges on the columns 'id', 'month', and 'year', but not other
columns, e.g., 'bool_col'.
{code:java}
insert into functional.alltypestiny(id, month, year) values (123, 1, 2025);
{code}
was:
Currently Impala requires a requesting user to have the INSERT privilege on a
table, if the requesting user wants to insert a row into the table, even when
the requesting user only wants to insert values into some but not all columns
in the target table. For instance, consider the following query. It may be less
restrictive from a user's perspective, if the requesting user only needs the
INSERT privileges on the columns 'id', 'month', and 'year', but not other
columns, e.g., 'bool_col'.
{code:java}
insert into functional.alltypestiny(id, month, year) values (123, 1, 2025);
{code}
This especially makes sense in the cases where different users insert data into
different columns of the same table. For instance, when the target table is a
Kudu table that has the following columns. It's possible that a user is taking
care of updating the values of the columns 'bool_col' and 'tinyint_col',
whereas the other user is taking care of updating the values of the columns
'month' and 'year'.
{code:java}
+-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
| name | type | comment | primary_key | key_unique | nullable |
default_value | encoding | compression | block_size |
+-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
| id | int | | true | true | false |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| bool_col | boolean | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| tinyint_col | tinyint | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| smallint_col | smallint | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| int_col | int | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| bigint_col | bigint | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| float_col | float | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| double_col | double | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| date_string_col | string | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| string_col | string | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| timestamp_col | timestamp | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| year | int | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| month | int | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
+-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
{code}
On the other hand, for non-Kudu tables, it looks like Impala does not support
updating different subsets of columns of a target table separately, and thus it
may be okay that we require the INSERT privilege on the whole target table to
insert data into a table.
> Consider lowering the privileges required for inserting data into a table
> -------------------------------------------------------------------------
>
> Key: IMPALA-14507
> URL: https://issues.apache.org/jira/browse/IMPALA-14507
> Project: IMPALA
> Issue Type: Improvement
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Minor
>
> Currently Impala requires a requesting user to have the INSERT privilege on a
> table, if the requesting user wants to insert a row into the table, even when
> the requesting user only wants to insert values into some but not all columns
> in the target table. For instance, consider the following query. It may be
> less restrictive from a user's perspective, if the requesting user only needs
> the INSERT privileges on the columns 'id', 'month', and 'year', but not other
> columns, e.g., 'bool_col'.
> {code:java}
> insert into functional.alltypestiny(id, month, year) values (123, 1, 2025);
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
