[SENTRY-849] [column level privilege] without table level privilege and column level privilege for column i, test user can still explain select column from test_tb; - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.5.1
Fix Version/s: None
Component/s: None
Labels:
None

Description

0: jdbc:hive2://anneyu-cdh55-1.vpc.cloudera.c> show grant role test_role on table test_tb;
+-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database  |  table   | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
+-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| test_db   | test_tb  |            | s       | test_role       | ROLE            | select     | false         | 1439502394526000  | --       |
+-----------+----------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+

However explain "select i from test_tb" shows the column "i" test_user doesn't have privileges.

Attachments

Issue Links

is related to

SENTRY-1396 Restrict "Explain" Hive operation for table level privileges in V2

Patch Available

relates to

SENTRY-896 Restrict "Explain" Hive operation for table level privileges

Open

Activity

People

Assignee:

shenguoquan

Reporter:

Anne Yu

Votes:

1 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

13/Aug/15 22:53

Updated:

09/Feb/18 00:21