Details
Major Description
In a Sentry-secured environment, the "default" database is a special exception to the database privilege model. The "default" database is always returned by "show databases", and "use default" always succeeds, regardless of what privileges the user has on "default." However, Hive has an option to disable this exception. When sentry.hive.restrict.defaultDB = true, users must have privileges on the "default" database to show it or use it, just as with other databases in Hive.
Impala does not have such an option. This feature request is for an equivalent option in Impala, allowing the database privilege model to be applied uniformly to the "default" database.
Although the security impact isn't enormous, some users do see the special behavior of the "default" database as a security hole, so it's worth implementing.