Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-5674

When using Sentry, it does not have privileges to run SHOW CREATE VIEW including Built-In functions.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Duplicate
    • Impala 2.7.0
    • None
    • None
    • None
    • ghx-label-6

    Description

      Hello, I'm Eastluck.(^ ^)(_ _)

      It does not have privileges to run SHOW CREATE VIEW including Built-in functions even though it has been all privileges its database when using Sentry.

      Here are some examples.

      Impala version

      select version();

impalad version 2.7.0-cdh5.10.0 RELEASE (build 785a073cd07e2540d521ecebb8b38161ccbd2aa2)

Built on Fri Jan 20 12:03:56 PST

      user: user@example.com

      Sentry Information

      URI: server=server1    hdfs://hadoop/xxx/xxx.db  action=ALL
DATABASE: server=server1  db=xxx  action=ALL

      non including Built-in functions by user@example.com

      drop view xxx.vi_test_non_function;
create view xxx.vi_test_non_function as
SELECT
  dau
FROM xxx.daliy_user;
show create view xxx.vi_test_non_function;

+--------------------------------------------+
| result                                     |
+--------------------------------------------+
| CREATE VIEW xxx.vi_test_non_function AS |
| SELECT dau FROM xxx.daliy_user    |
+--------------------------------------------+

      including Built-in functions by user@example.com

      drop view xxx.vi_test_including_sum;
create view xxx.vi_test_including_sum as
SELECT
  SUM(dau) AS DAU
FROM xxx.daliy_user;
show create view vi_test_including_sum;

show create view xxx.vi_test_including_sum;
Query: show create view xxx.vi_test_including_sum
ERROR: AuthorizationException: User 'user@example.com' does not have privileges to see the definition of view 'xxx.vi_test_including_sum'.

      Super users are able to run SHOW CREATE VIEW including Built-in functions.
      Super user Sentry Information

      SERVER: server=server1  action=ALL
URI: server=server1    hdfs://hadoop/xxx/xxx.db  action=ALL
DATABASE: server=server1  db=xxx  action=ALL

      including Built-in functions by super user

      show create view xxx.vi_test_including_sum;
Query: show create view xxx.vi_test_including_sum
+--------------------------------------------------+
| result                                           |
+--------------------------------------------------+
| CREATE VIEW xxxi.vi_test_including_sum AS      |
| SELECT sum(dau) DAU FROM xxx.daliy_user |
+--------------------------------------------------+

      Thank you.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. IMPALA-7325 SHOW CREATE VIEW on a view that references built-in functions requires access to the built-in database

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              Eastluck Eastluck
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: