bowenliang123 commented on code in PR #5272:
URL: https://github.com/apache/kyuubi/pull/5272#discussion_r1322246701
##########
extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala:
##########
@@ -434,7 +434,17 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
- assert(out.size === 0)
+ assert(out.size === 1)
+ val po1 = out.head
+ assert(po1.actionType === PrivilegeObjectActionType.OTHER)
+ assert(po1.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+ assertEqualsIgnoreCase(reusedDb)(po1.dbname)
+ assertEqualsIgnoreCase(reusedPartTableShort)(po1.objectName)
+ // ignore this check as it behaves differently across spark versions
+ assert(po1.columns.isEmpty)
+ checkTableOwner(po1)
+ val accessType1 = ranger.AccessType(po1, operationType, isInput = true)
+ assert(accessType1 === AccessType.SELECT)
Review Comment:
+1 for ALTER.
Although the stat is just stats with no guarantee or accuracy or
must-refreshing crossing different engines, they are still part of the table
and should not be changed without any proper privilege checking. ANALYZE TABLE
causes the change in metadata or properties to the table. As we have
ALTERTABLE_SERDEPROPERTIES in OperationType, it's a proper operation type for
such metadata privilege checks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
