Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
Impala 4.0.0
-
None
-
None
-
ghx-label-2
Description
We found that currently in Impala, to execute a UDF, a user only has to be granted one of the 3 privileges in INSERT, SELECT, REFRESH on the database (i.e., the VIEW_METADATA privilege on the database) where the UDF was created. No additional privilege on the UDF is required. An example of the policy added via Ranger's web UI allowing a user to execute a UDF is also provided here.
The privilege request of VIEW_METADATA on the database is registered within analyzer.getDb(fnName_.getDb(), Privilege.VIEW_METADATA, true). This is the reason why the user has to be granted the VIEW_METADATA privilege on the database to be able to execute the UDF.
Recall that the registration of the privilege mentioned above occurs in FunctionCallExpr#analyzeImpl() where Impala's frontend analyzes the given function in a query.
I noticed in the same method above at https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/analysis/FunctionCallExpr.java#L535, Impala is able to determine whether the current function is a UDF or not. Thus it seems that to fix the problem, we need to additionally register the corresponding privilege request for a UDF (v.s. a built-in function) other than the VIEW_METADATA privilege on the database.
We should thus provide a fix for the issue.
Attachments
Attachments
Issue Links
- is related to
-
IMPALA-11560 Expose effective_user() to be accessible in UDF C++/Java Code
-
- Open
-