Vihang Karajgaonkar has posted comments on this change. ( http://gerrit.cloudera.org:8080/14121 )
Change subject: IMPALA-8851: Do not throw authorization exception in drop if exists queries ...................................................................... Patch Set 6: (2 comments) http://gerrit.cloudera.org:8080/#/c/14121/6//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/14121/6//COMMIT_MSG@15 PS6, Line 15: privilige nit, spell-check http://gerrit.cloudera.org:8080/#/c/14121/6/fe/src/main/java/org/apache/impala/analysis/DropTableOrViewStmt.java File fe/src/main/java/org/apache/impala/analysis/DropTableOrViewStmt.java: http://gerrit.cloudera.org:8080/#/c/14121/6/fe/src/main/java/org/apache/impala/analysis/DropTableOrViewStmt.java@115 PS6, Line 115: dbName_, getTbl() I think this logic is faulty and will fail in the following scenario. Lets say user1 has create privileges on database functional and they create tables t1 and t2 Lets assume user2 has select privileges on tables functional.t1 and functional.t2 Now lets say user1 drops functional.t1 which should succeed. user1 should reissue drop if exists functional.t1 should not error out either. However, for user2 a drop if exists functional.t1 will fail with a authorization exception since they don't have the privilege on t1 anymore. However, user2 still has a privilege to know the existance of such a table using show tables in functional; which works and only lists t2. Same applies to db and functions as well. I think this privilege should be registered at the parent level of the object. So, for drop table we should register ANY privilege on db and so on. Let me know if this is not a correct understanding of the problem. -- To view, visit http://gerrit.cloudera.org:8080/14121 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iba068935e5da92d71e16e2321afdb8e7b781086a Gerrit-Change-Number: 14121 Gerrit-PatchSet: 6 Gerrit-Owner: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Tim Armstrong <[email protected]> Gerrit-Reviewer: Vihang Karajgaonkar <[email protected]> Gerrit-Comment-Date: Tue, 27 Aug 2019 19:10:42 +0000 Gerrit-HasComments: Yes
