Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
Impala 4.0.0
-
None
-
None
-
ghx-label-9
Description
This is a follow-up for IMPALA-9234. Row-filtering policies are applied as the WHERE clause of the table masking view of the base table/view. E.g. if table "tblA" contains a row-filtering policy "id=0", the original query "select * from tblA join tblB on (id)" will be analyzed as
select * from ( select col1, col2, ..., colN from tblA where id = 0 ) v join tblB on (id)
Tables containing complex types are more complex in analyzing. Let's say "tblA" contains two columns:
id int | int_array array<int> |
---|---|
0 | [1,2,3] |
1 | [4,5] |
The following queries gets all items of the array column:
-- Good for applying table masking view on tblA select a.item from tblA t, t.int_array a; -- Hard to apply table masking view on tblA select item from tblA.int_array;
The second query uses unrelated collection column directly. So we can't apply the row-filtering policies on the base table. This will leak data, so IMPALA-9234 forbids them.
We can support this by rewritting the second query to the first one. Luckily, we already have a rewritter containing this ability: AcidRewriter in StmtRewriter. With some refactor it can be reused. However, there is a bug (IMPALA-10482) needs to be fixed first.
Attachments
Issue Links
- relates to
-
IMPALA-9234 Support Ranger row filtering policies
- Resolved
- requires
-
IMPALA-10482 Select-star query on unrelative collection column of transactional table hits IllegalStateException
- Resolved