Quanlong Huang has posted comments on this change. ( http://gerrit.cloudera.org:8080/18684 )
Change subject: IMPALA-10122 (Part 2): Allow accessing views created by non-superusers ...................................................................... Patch Set 1: (4 comments) Pretty happy to see this patch, especially we can remove lots of codes. :) http://gerrit.cloudera.org:8080/#/c/18684/1/tests/authorization/test_ranger.py File tests/authorization/test_ranger.py: http://gerrit.cloudera.org:8080/#/c/18684/1/tests/authorization/test_ranger.py@1568 PS1, Line 1568: assert "User '{0}' does not have privileges to execute 'SELECT' on: " \ Should we hide the table name if the user doesn't have VIEW_METADATA privilege on the view? I think SELECT privilege on the view implies VIEW_METADATA privilege on the view. But not sure if SELECT privilege on the view columns also imply VIEW_METADATA on the view. http://gerrit.cloudera.org:8080/#/c/18684/1/tests/authorization/test_ranger.py@1569 PS1, Line 1569: functional.alltypesagg Not sure how the table is picked if there are more than one table fails the privilege check. Can we grant access on the other table "alltypestiny"? It makes sure the reported error is always on "alltypesagg". http://gerrit.cloudera.org:8080/#/c/18684/1/tests/authorization/test_ranger.py@1572 PS1, Line 1572: .format(test_db, test_tbl_1, grantee_user), user=ADMIN) Can we add a test after this line for the same query? Just checking the case if only one column is lack of privilege. http://gerrit.cloudera.org:8080/#/c/18684/1/tests/authorization/test_ranger.py@1582 PS1, Line 1582: "select * from functional.complex_view", user=grantee_user) Can we add another test that the alltypesagg table is granted select but one column of it is denied for access? Just want to see how the error message looks like. -- To view, visit http://gerrit.cloudera.org:8080/18684 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I50a50931c6eeb0feec28c30531b09269622e6aad Gerrit-Change-Number: 18684 Gerrit-PatchSet: 1 Gerrit-Owner: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Aman Sinha <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Kurt Deschler <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]> Gerrit-Reviewer: Vincent Tran <[email protected]> Gerrit-Comment-Date: Fri, 01 Jul 2022 01:53:25 +0000 Gerrit-HasComments: Yes
