impala-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Behm (Code Review)" <ger...@cloudera.org>
Subject [Impala-CR](cdh5-trunk) IMPALA-3797: Relax privilege requirements for creating/dropping functions
Date Wed, 06 Jul 2016 23:10:48 GMT
Alex Behm has posted comments on this change.

Change subject: IMPALA-3797: Relax privilege requirements for creating/dropping functions
......................................................................


Patch Set 1:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/3520/1//COMMIT_MSG
Commit Message:

PS1, Line 15: Creating
Can you summarize the new privilege requirements here and in the JIRA? My understanding is
that CREATE FUNCTION needs CREATE privs on the database and ALL privs on the HDFS URI of the
function library. (similar for DROP)


http://gerrit.cloudera.org:8080/#/c/3520/1/fe/src/main/java/com/cloudera/impala/analysis/CreateFunctionStmtBase.java
File fe/src/main/java/com/cloudera/impala/analysis/CreateFunctionStmtBase.java:

Line 161:     location_.analyze(analyzer, Privilege.ALL, FsAction.READ);
For my understanding, any idea why READ on the location is not sufficient? The CREATE FUNCTION
does not write/create anything in that URL.

In any case, better to be consistent with Hive.


http://gerrit.cloudera.org:8080/#/c/3520/1/fe/src/test/java/com/cloudera/impala/analysis/AuthorizationTest.java
File fe/src/test/java/com/cloudera/impala/analysis/AuthorizationTest.java:

Line 1809
we should still test that the admin can do everything


Line 1813:       sentryService.grantRoleToGroup(USER, "udf_uri", USER.getName());
add tests to demonstrate what SHOW FUNCTIONS commands the udf_uri user can run


-- 
To view, visit http://gerrit.cloudera.org:8080/3520
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ibfe351f4b1575bdf61eeab8395efee834a16145c
Gerrit-PatchSet: 1
Gerrit-Project: Impala
Gerrit-Branch: cdh5-trunk
Gerrit-Owner: Bharath Vissapragada <bharathv@cloudera.com>
Gerrit-Reviewer: Alex Behm <alex.behm@cloudera.com>
Gerrit-Reviewer: Dimitris Tsirogiannis <dtsirogiannis@cloudera.com>
Gerrit-HasComments: Yes

Mime
View raw message