Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7676

DESCRIBE on table should require VIEW_METADATA privilege

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Impala 3.0, Impala 2.12.0
    • Impala 3.1.0
    • None
    • ghx-label-2

    Description

      Assume there exists a table foo.bar.

      [localhost:21000] default> create role foo_role;
      [localhost:21000] default> grant role to group test_user;
      [localhost:21000] default> grant create on database foo to role foo_role;
      [localhost:21000] default> describe foo.bar;
      Query: describe foo.bar
      Fetched 0 row(s) in 0.01s
      

      Let's contrast this with "describe database".

      [localhost:21000] default> grant create on server to role foo_role;
      [localhost:21000] default> describe database functional;
      Query: describe database functional
      ERROR: AuthorizationException: User 'test_user' does not have privileges to access: functional
      

      The "describe table" behavior is inconsistent with "describe database" and it's also not a good idea having "create" privilege on a particular table to allow issuing "describe table" on another table although no information is shown on another table. This is also to make the behavior consistent with Hive.

      Attachments

        Activity

          People

            fredyw Fredy Wijaya
            fredyw Fredy Wijaya
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: