Fang-Yu Rao has posted comments on this change. ( http://gerrit.cloudera.org:8080/19252 )
Change subject: IMPALA-11728: Set fallback database for functions
......................................................................

Patch Set 13:

> Patch Set 13: -Code-Review
>
> > Just a minor question, FALLBACK_DB_FOR_FUNCTIONS brings flexibility
> > to FUNCTION calls, but it breaks the isolation between different
> > databases, we can still use the Apache Ranger for authorization of
> > those FUNCTIONs to implement the isolation, right? Has this been
> > tested?
>
> That is a very good point, Impala should not allow using functions in the
> fallback database unless the user has some privileges on the given database.
>
> Note that there is an open review related to the authorization of UDFs:
> https://gerrit.cloudera.org/#/c/19194/
>
> An example authorization test which deals with UDF + sets a query option:
> https://github.com/apache/impala/blob/52956bae141acf2ecdd7b28ff7edb4d2f2fe3f10/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java#L2932
>
> Note that the AuthorizationStmtTest test suite can be extremely slow to run.

We could probably add a new end-to-end test in tests/authorization/test_ranger.py as briefly described in the following if we would like to verify Impala's behavior with respect to authorization when the query option of 'FALLBACK_DB_FOR_FUNCTIONS' is set.

1. As the user 'admin', execute "create database test_db".
2. As the user 'admin', execute "create function test_db.identity(bigint) returns bigint location '/test-warehouse/impala-hive-udfs.jar' symbol='org.apache.impala.TestUdf'".
3. As the user 'non_owner', execute "select identity(1)". Verify that the error message is "ERROR: AuthorizationException: User 'non_owner' does not have privileges to access: default".
4. As the user 'admin', execute "grant refresh on database default to user non_owner" and "refresh authorization".
5. As the user 'non_owner', execute "select identity(1)". Verify that the error message is "ERROR: AnalysisException: default.identity() unknown for database default. Currently this db has 0 functions."
6. As the user 'non_owner', execute "set FALLBACK_DB_FOR_FUNCTIONS=test_db" and then "select identity(1)". Verify that the error message is "ERROR: AuthorizationException: User 'non_owner' does not have privileges to access: test_db".
7. As the user 'admin', execute "grant refresh on database test_db to user non_owner" and "refresh authorization".
8. As the user 'non_owner', execute "select identity(1)". Verify that the query could be correctly executed. That is, the result should be 1.

Note that currently in order for the user <user_name> to execute a UDF in the database <db_name>, the requesting user has to be granted one of the SELECT, REFRESH, INSERT privileges on all the tables and all the columns in the database. This could be done by an administrator (e.g., the user 'admin') submitting to the Impala server the command "grant <privilege> on database <db_name> to user <user_name>" where <privilege> is SELECT, REFRESH, or INSERT.

There is a similar end-to-end test at https://gerrit.cloudera.org/c/19194/8/tests/authorization/test_ranger.py#1154 written for IMPALA-10986. The name of the new test suggested above could be something like "test_select_function_with_fallback_db".

--
To view, visit http://gerrit.cloudera.org:8080/19252
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I37b7e126718fea1c50723cacbaed898b20bb55e5
Gerrit-Change-Number: 19252
Gerrit-PatchSet: 13
Gerrit-Owner: Xiaoqing Gao <[email protected]>
Gerrit-Reviewer: Anonymous Coward <[email protected]>
Gerrit-Reviewer: Csaba Ringhofer <[email protected]>
Gerrit-Reviewer: Fang-Yu Rao <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Quanlong Huang <[email protected]>
Gerrit-Reviewer: Xiaoqing Gao <[email protected]>
Gerrit-Comment-Date: Fri, 25 Nov 2022 06:36:03 +0000
Gerrit-HasComments: No
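
The eight steps suggested in the comment above, written as a data-driven scenario. This is an added example, not part of the original message and not code from Impala's test suite. `FakeImpala`, `STEPS` and `failed_steps` are hypothetical names, and `FakeImpala` is a constructed in-memory stand-in that models only the behaviour the comment describes (it does not authorize DDL or GRANT statements and returns errors as strings).

```python
import re

class FakeImpala:
    """Constructed stand-in: models only the behaviour the comment describes."""
    def __init__(self):
        self.funcs = {"default": set()}  # database -> function names
        self.grants = set()              # (user, db) holding SELECT/REFRESH/INSERT
        self.fallback = {}               # user -> FALLBACK_DB_FOR_FUNCTIONS value

    def execute(self, user, sql):
        if m := re.fullmatch(r"create database (\w+)", sql):
            self.funcs[m[1]] = set()
        elif m := re.match(r"create function (\w+)\.(\w+)\(", sql):
            self.funcs[m[1]].add(m[2])
        elif m := re.fullmatch(r"grant \w+ on database (\w+) to user (\w+)", sql):
            self.grants.add((m[2], m[1]))
        elif m := re.fullmatch(r"set FALLBACK_DB_FOR_FUNCTIONS=(\w+)", sql):
            self.fallback[user] = m[1]
        elif m := re.fullmatch(r"select (\w+)\((\d+)\)", sql):
            for db in filter(None, ("default", self.fallback.get(user))):  # authorize, then look up
                if (user, db) not in self.grants:
                    return f"AuthorizationException: User '{user}' does not have privileges to access: {db}"
                if m[1] in self.funcs.get(db, ()):
                    return int(m[2])  # only identity() is modelled
            return f"AnalysisException: default.{m[1]}() unknown for database default"

CREATE_FN = ("create function test_db.identity(bigint) returns bigint location "
             "'/test-warehouse/impala-hive-udfs.jar' symbol='org.apache.impala.TestUdf'")
STEPS = [  # (user, statement, expected result or error substring; None = not checked)
    ("admin", "create database test_db", None),
    ("admin", CREATE_FN, None),
    ("non_owner", "select identity(1)", "privileges to access: default"),
    ("admin", "grant refresh on database default to user non_owner", None),
    ("admin", "refresh authorization", None),
    ("non_owner", "select identity(1)", "AnalysisException"),
    ("non_owner", "set FALLBACK_DB_FOR_FUNCTIONS=test_db", None),
    ("non_owner", "select identity(1)", "privileges to access: test_db"),
    ("admin", "grant refresh on database test_db to user non_owner", None),
    ("admin", "refresh authorization", None),
    ("non_owner", "select identity(1)", 1),
]

def failed_steps(execute):
    """Run STEPS through execute(user, sql); return indexes of steps whose outcome differs."""
    bad = []
    for i, (user, sql, want) in enumerate(STEPS):
        got = execute(user, sql)
        if want is not None and not (want in str(got) if isinstance(want, str) else got == want):
            bad.append(i)
    return bad
```

`failed_steps` accepts any `execute(user, sql)` callable, so a wrapper that turns a real client's exceptions into strings can be passed in place of `FakeImpala().execute`.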
