[SENTRY-848] [column level privilege] if grant user column level select privilege, DESCRIBE FORMATTED table[.column] shouldn't require extra table level privilege - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.5.1
Fix Version/s: None
Component/s: None
Labels:
None

Description

create table test_tb(s string, i int);
grant select(s) on table test_tb to role test_role;
grant role test_role to group test_user;

use test_user to login,

describe formatted test_tb s;
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
 Required privileges for this query: Server=server1->Db=test_db->Table=test_tb->action=insert;Server=server1->Db=test_db->Table=test_tb->action=select; (state=42000,code=40000)

How about describe [formatted] test_tb; do we allow test_user to list his permitted columns? for example,

-----------------------------+

col_name

data_type

comment

-----------------------------+

string

-----------------------------+
2 rows selected (0.167 seconds)

However "ANALYZE TABLE test_tb COMPUTE STATISTICS FOR COLUMNS s" is allowed for test_user.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-848-001.patch
07/Jun/16 02:16
12 kB
Ke Jia
SENTRY-848-002.patch
07/Jun/16 07:22
12 kB
Ke Jia
SENTRY-848-002.patch
07/Jun/16 05:57
12 kB
Ke Jia
SENTRY-848-003.patch
16/Jun/16 12:20
14 kB
Ke Jia

Issue Links

relates to

SENTRY-1443 Column level permissions improvements

Open

links to

Review Link

Activity

People

Assignee:: Ke Jia

Reporter:: Anne Yu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Aug/15 22:52

Updated:: 16/Aug/16 21:10