impala-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eastluck (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IMPALA-5674) When using Sentry, it does not have privileges to run SHOW CREATE VIEW including Built-In functions.
Date Tue, 18 Jul 2017 01:21:00 GMT
Eastluck created IMPALA-5674:
--------------------------------

             Summary: When using Sentry, it does not have privileges to run SHOW CREATE VIEW
including Built-In functions.
                 Key: IMPALA-5674
                 URL: https://issues.apache.org/jira/browse/IMPALA-5674
             Project: IMPALA
          Issue Type: Bug
    Affects Versions: Impala 2.7.0
            Reporter: Eastluck
            Priority: Minor


Hello, I'm Eastluck.(^ ^)(_ _)

It does not have privileges to run SHOW CREATE VIEW including Built-in functions even though
all privileges its database when using Sentry.

Here are some examples.

Impala version
{code}
select version();

impalad version 2.7.0-cdh5.10.0 RELEASE (build 785a073cd07e2540d521ecebb8b38161ccbd2aa2)

Built on Fri Jan 20 12:03:56 PST
{code}

user: user@example.com

Sentry Information
{code}
URI: server=server1    hdfs://hadoop/xxx/xxx.db  action=ALL
DATABASE: server=server1  db=xxx  action=ALL
{code}


non including Built-in functions by user@example.com
{code}
drop view xxx.vi_test_non_function;
create view xxx.vi_test_non_function as
SELECT
  dau
FROM xxx.daliy_user;
show create view xxx.vi_test_non_function;

+--------------------------------------------+
| result                                     |
+--------------------------------------------+
| CREATE VIEW xxx.vi_test_non_function AS |
| SELECT dau FROM xxx.daliy_user    |
+--------------------------------------------+
{code}

including Built-in functions by user@example.com
{code}
drop view xxx.vi_test_including_sum;
create view xxx.vi_test_including_sum as
SELECT
  SUM(dau) AS DAU
FROM xxx.daliy_user;
show create view vi_test_including_sum;

show create view xxx.vi_test_including_sum;
Query: show create view xxx.vi_test_including_sum
ERROR: AuthorizationException: User 'user@example.com' does not have privileges to see the
definition of view 'xxx.vi_test_including_sum'.
{code}


Super users are able to run SHOW CREATE VIEW including Built-in functions.
Super user Sentry Information
{code}
SERVER: server=server1  action=ALL
URI: server=server1    hdfs://hadoop/xxx/xxx.db  action=ALL
DATABASE: server=server1  db=xxx  action=ALL
{code}

including Built-in functions by super user
{code}
show create view xxx.vi_test_including_sum;
Query: show create view xxx.vi_test_including_sum
+--------------------------------------------------+
| result                                           |
+--------------------------------------------------+
| CREATE VIEW xxxi.vi_test_including_sum AS      |
| SELECT sum(dau) DAU FROM xxx.daliy_user |
+--------------------------------------------------+
{code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message