Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-10415

SHOW GRANT statement should perform a check for requesting user

    XMLWordPrintableJSON

Details

    • ghx-label-6

    Description

      We found that the SHOW GRANT statement does not really perform a check for the requesting user to determine whether the requesting user is authorized to access the result. Specifically, there is no such check in RangerImpaladAuthorizationManager#getPrivileges().

      Recall that such a check was performed when we were using Sentry as the authorization provider. Refer to SentryImpaladAuthorizationManager#getPrivileges().

      Such an issue is partly due to the fact that we do not have a dedicated Ranger API to check whether a user is a Ranger administrator, which is also currently tracked at RANGER-3127.

      Attachments

        Activity

          People

            fangyurao Fang-Yu Rao
            stigahuang Quanlong Huang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: