Xiaomin Zhang created IMPALA-9259:
-------------------------------------
Summary: no privileges for select count(*) but select * works
Key: IMPALA-9259
URL: https://issues.apache.org/jira/browse/IMPALA-9259
Project: IMPALA
Issue Type: Bug
Components: Frontend, Security
Reporter: Xiaomin Zhang
When authorization enabled, Impala rejects count(*) but select * still works.
This happens when the role is only granted all columns privileges, but without
SELECT on the table.
Query: show current roles
+-----------+
| role_name |
+-----------+
| guest |
+-----------+
Query: show grant role guest
+----------+------------------+-------+--------+-----+-----------+--------------+-------------------------------+
| scope | database | table | column | uri | privilege | grant_option |
create_time |
+----------+------------------+-------+--------+-----+-----------+--------------+-------------------------------+
| database | _impala_builtins | | | | select | false | Fri, Dec 13 2019
13:45:00.917 |
| database | default | | | | all | false | Tue, Dec 10 2019 15:43:50.497 |
| column | tpch | test | c | | select | false | Fri, Dec 13 2019 09:43:21.112 |
+----------+------------------+-------+--------+-----+-----------+--------------+-------------------------------+
select * from tpch.test;
Query: select * from tpch.test
+-----+
| c |
+-----+
| 100 |
+-----+
Fetched 1 row(s) in 0.23s
select count(*) from tpch.test;
Query: select count(*) from tpch.test
Query submitted at: 2019-12-18 14:16:29
ERROR: AuthorizationException: User 'test' does not have privileges to execute
'SELECT' on: tpch.test
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
