Fredy Wijaya has uploaded this change for review. ( http://gerrit.cloudera.org:8080/11279
Change subject: IMPALA-7344: Restrict ALTER DATABASE/TABLE SET OWNER statements ...................................................................... IMPALA-7344: Restrict ALTER DATABASE/TABLE SET OWNER statements Prior to this patch, any user with ALTER privilege could alter the database/table ownership from one user/role to another user/role. This is undesirable because altering an object ownership means giving a full access to that object. This patch restricts the ALTER DATABASE/TABLE SET OWNER statements to require ALL/OWNER with GRANT OPTION when authorization is enabled. Testing: - Added FE authorization tests - Ran all FE tests - Ran core tests Change-Id: I2485933c02b5384950b7c882ba1eb0fd703db5a3 --- M bin/impala-config.sh M fe/src/main/java/org/apache/impala/analysis/AlterDbSetOwnerStmt.java M fe/src/main/java/org/apache/impala/analysis/AlterTableOrViewSetOwnerStmt.java M fe/src/main/java/org/apache/impala/analysis/Analyzer.java M fe/src/main/java/org/apache/impala/analysis/BaseTableRef.java M fe/src/main/java/org/apache/impala/analysis/CollectionTableRef.java M fe/src/main/java/org/apache/impala/analysis/InlineViewRef.java M fe/src/main/java/org/apache/impala/analysis/TableRef.java M fe/src/main/java/org/apache/impala/authorization/AuthorizationChecker.java M fe/src/main/java/org/apache/impala/authorization/PrivilegeRequest.java M fe/src/main/java/org/apache/impala/authorization/PrivilegeRequestBuilder.java M fe/src/main/java/org/apache/impala/catalog/PrincipalPrivilege.java M fe/src/test/java/org/apache/impala/analysis/AnalyzeStmtsTest.java M fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java 14 files changed, 229 insertions(+), 76 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/79/11279/1 -- To view, visit http://gerrit.cloudera.org:8080/11279 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I2485933c02b5384950b7c882ba1eb0fd703db5a3 Gerrit-Change-Number: 11279 Gerrit-PatchSet: 1 Gerrit-Owner: Fredy Wijaya <[email protected]>
