Adam Holley has posted comments on this change. ( http://gerrit.cloudera.org:8080/9738 )
Change subject: IMPALA-6674: Add CREATE fine-grained privilege ...................................................................... Patch Set 4: (3 comments) http://gerrit.cloudera.org:8080/#/c/9738/4/fe/src/main/java/org/apache/impala/analysis/CreateFunctionStmtBase.java File fe/src/main/java/org/apache/impala/analysis/CreateFunctionStmtBase.java: http://gerrit.cloudera.org:8080/#/c/9738/4/fe/src/main/java/org/apache/impala/analysis/CreateFunctionStmtBase.java@156 PS4, Line 156: AuthorizeableFn(fn_.dbName(), fn_.signatureString()), Privilege.CREATE)); Should also registerPrivReq at the Server level since AuthorizeableFn doesn't have hierarchy. http://gerrit.cloudera.org:8080/#/c/9738/4/fe/src/main/java/org/apache/impala/analysis/CreateFunctionStmtBase.java@155 PS4, Line 155: analyzer.registerPrivReq(new PrivilegeRequest( : new AuthorizeableFn(fn_.dbName(), fn_.signatureString()), Privilege.CREATE)); I think this should be above the builtin check since if they don't have privilege, we should throw that exception instead of the "builtin" exception. http://gerrit.cloudera.org:8080/#/c/9738/4/fe/src/main/java/org/apache/impala/authorization/AuthorizeableFn.java File fe/src/main/java/org/apache/impala/authorization/AuthorizeableFn.java: http://gerrit.cloudera.org:8080/#/c/9738/4/fe/src/main/java/org/apache/impala/authorization/AuthorizeableFn.java@35 PS4, Line 35: public AuthorizeableFn(String dbName, String fnName) { Don't we still need the AuthorizableFn(String fnName) to grant authorization at the server level? -- To view, visit http://gerrit.cloudera.org:8080/9738 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Id540e78fc9201fc1b4e6cac9b81ea54b8ae9eecd Gerrit-Change-Number: 9738 Gerrit-PatchSet: 4 Gerrit-Owner: Fredy Wijaya <[email protected]> Gerrit-Reviewer: Adam Holley <[email protected]> Gerrit-Reviewer: Fredy Wijaya <[email protected]> Gerrit-Comment-Date: Wed, 21 Mar 2018 21:14:52 +0000 Gerrit-HasComments: Yes
