danhuawang opened a new issue, #10902: URL: https://github.com/apache/gravitino/issues/10902
### Version

main branch

### Describe what's wrong

Select table operation is forbidden when the user is the table owner with USE_CATALOG, USE_SCHEMA permission. loadView permission is asked. But it can load table through Gravitino API.

```
trino --server http://35.190.166.193:8080 --debug
trino> USE gravitino_irc.product_s3;
USE
trino:product_s3> select * from gravitino_irc.product_s3.page_views_local;
Query 20260429_105856_00003_b6ir4 failed: Failed to load view 'page_views_local'
io.trino.spi.TrinoException: Failed to load view 'page_views_local'
    at io.trino.plugin.iceberg.catalog.rest.TrinoRestCatalog.getIcebergView(TrinoRestCatalog.java:732)
    at io.trino.plugin.iceberg.catalog.rest.TrinoRestCatalog.getView(TrinoRestCatalog.java:699)
    at io.trino.plugin.iceberg.IcebergMetadata.getView(IcebergMetadata.java:3261)
    at io.trino.plugin.base.classloader.ClassLoaderSafeConnectorMetadata.getView(ClassLoaderSafeConnectorMetadata.java:717)
    at io.trino.tracing.TracingConnectorMetadata.getView(TracingConnectorMetadata.java:853)
    at io.trino.metadata.MetadataManager.getViewInternal(MetadataManager.java:1610)
    at io.trino.metadata.MetadataManager.getView(MetadataManager.java:1548)
    at io.trino.tracing.TracingMetadata.getView(TracingMetadata.java:921)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitTable(StatementAnalyzer.java:2303)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitTable(StatementAnalyzer.java:531)
    at io.trino.sql.tree.Table.accept(Table.java:70)
    at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:550)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.analyzeFrom(StatementAnalyzer.java:5085)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:3142)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:531)
    at io.trino.sql.tree.QuerySpecification.accept(QuerySpecification.java:155)
    at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:550)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:558)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:1587)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:531)
    at io.trino.sql.tree.Query.accept(Query.java:130)
    at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
    at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:550)
    at io.trino.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:510)
    at io.trino.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:499)
    at io.trino.sql.analyzer.Analyzer.analyze(Analyzer.java:98)
    at io.trino.sql.analyzer.Analyzer.analyze(Analyzer.java:87)
    at io.trino.execution.SqlQueryExecution.analyze(SqlQueryExecution.java:283)
    at io.trino.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:218)
    at io.trino.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:882)
    at io.trino.dispatcher.LocalDispatchQueryFactory.lambda$createDispatchQuery$0(LocalDispatchQueryFactory.java:158)
    at io.trino.$gen.Trino_478____20260429_081329_2.call(Unknown Source)
    at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:128)
    at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:74)
    at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:80)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
    at java.base/java.lang.Thread.run(Thread.java:1474)
Caused by: org.apache.iceberg.exceptions.ForbiddenException: Forbidden: User 'service-account-postman-client' is not authorized to perform operation 'loadView' on metadata 'metalake_b.catalog_1.product_s3.page_views_local' with expression 'ANY(OWNER, METALAKE, CATALOG) || SCHEMA_OWNER_WITH_USE_CATALOG || ANY_USE_CATALOG && ANY_USE_SCHEMA && (VIEW::OWNER || ANY_SELECT_VIEW || ANY_CREATE_VIEW || ANY_SELECT_TABLE || ANY_MODIFY_TABLE || ANY_CREATE_TABLE) '
    at org.apache.iceberg.rest.ErrorHandlers$DefaultErrorHandler.accept(ErrorHandlers.java:238)
    at org.apache.iceberg.rest.ErrorHandlers$ViewErrorHandler.accept(ErrorHandlers.java:168)
    at org.apache.iceberg.rest.ErrorHandlers$ViewErrorHandler.accept(ErrorHandlers.java:152)
    at org.apache.iceberg.rest.HTTPClient.throwFailure(HTTPClient.java:240)
    at org.apache.iceberg.rest.HTTPClient.execute(HTTPClient.java:336)
    at org.apache.iceberg.rest.HTTPClient.execute(HTTPClient.java:297)
    at org.apache.iceberg.rest.BaseHTTPClient.get(BaseHTTPClient.java:77)
    at org.apache.iceberg.rest.RESTClient.get(RESTClient.java:88)
    at org.apache.iceberg.rest.RESTSessionCatalog.loadView(RESTSessionCatalog.java:1139)
    at io.trino.plugin.iceberg.catalog.rest.TrinoRestCatalog.getIcebergView(TrinoRestCatalog.java:726)
    ... 39 more
```

### Error message and/or stacktrace

```
Caused by: org.apache.iceberg.exceptions.ForbiddenException: Forbidden: User 'service-account-postman-client' is not authorized to perform operation 'loadView' on metadata 'metalake_b.catalog_1.product_s3.page_views_local' with expression 'ANY(OWNER, METALAKE, CATALOG) || SCHEMA_OWNER_WITH_USE_CATALOG || ANY_USE_CATALOG && ANY_USE_SCHEMA && (VIEW::OWNER || ANY_SELECT_VIEW || ANY_CREATE_VIEW || ANY_SELECT_TABLE || ANY_MODIFY_TABLE || ANY_CREATE_TABLE) '
    at org.apache.iceberg.rest.ErrorHandlers$DefaultErrorHandler.accept(ErrorHandlers.java:238)
    at org.apache.iceberg.rest.ErrorHandlers$ViewErrorHandler.accept(ErrorHandlers.java:168)
    at org.apache.iceberg.rest.ErrorHandlers$ViewErrorHandler.accept(ErrorHandlers.java:152)
    at org.apache.iceberg.rest.HTTPClient.throwFailure(HTTPClient.java:240)
    at org.apache.iceberg.rest.HTTPClient.execute(HTTPClient.java:336)
    at org.apache.iceberg.rest.HTTPClient.execute(HTTPClient.java:297)
    at org.apache.iceberg.rest.BaseHTTPClient.get(BaseHTTPClient.java:77)
    at org.apache.iceberg.rest.RESTClient.get(RESTClient.java:88)
    at org.apache.iceberg.rest.RESTSessionCatalog.loadView(RESTSessionCatalog.java:1139)
    at io.trino.plugin.iceberg.catalog.rest.TrinoRestCatalog.getIcebergView(TrinoRestCatalog.java:726)
    ... 39 more
```

### How to reproduce

1. User A is the table owner, and he has USE_CATALOG, USE_SCHEMA permission
2. Confirm it can load table by Gravitino API
3. Select table through Trino (Trino uses the same user A)

### Additional context

_No response_

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
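
The following is an added example, not part of the original issue and not Gravitino code: a small evaluator for the authorization expression quoted in the `ForbiddenException`, showing which atoms decide the outcome for the reported user. It assumes `&&` binds tighter than `||`, that each atom is a plain boolean named after what it checks, and that table ownership satisfies none of the listed atoms; `evaluate`, `REPORTER` and `WITH_SELECT` are hypothetical names.

```python
import re

# Expression copied from the ForbiddenException quoted in the issue.
EXPR = ("ANY(OWNER, METALAKE, CATALOG) || SCHEMA_OWNER_WITH_USE_CATALOG || "
        "ANY_USE_CATALOG && ANY_USE_SCHEMA && (VIEW::OWNER || ANY_SELECT_VIEW || "
        "ANY_CREATE_VIEW || ANY_SELECT_TABLE || ANY_MODIFY_TABLE || ANY_CREATE_TABLE) ")

# Operators, atoms (optionally with arguments, e.g. ANY(...)), and parentheses.
TOKEN = re.compile(r"\|\||&&|[A-Z_:]+\([^)]*\)|[A-Z_:]+|[()]")

def evaluate(expr, satisfied):
    """Assumption: '&&' binds tighter than '||'; an atom is true iff it is in `satisfied`."""
    toks, i = TOKEN.findall(expr), 0
    def peek():
        return toks[i] if i < len(toks) else None
    def take():
        nonlocal i
        i += 1
        return toks[i - 1]
    def atom():
        tok = take()
        if tok != "(":
            return tok in satisfied
        val = either()
        if take() != ")":
            raise ValueError("missing ')'")
        return val
    def both():
        val = atom()
        while peek() == "&&":
            take()
            val = atom() and val   # parse the operand first, then combine
        return val
    def either():
        val = both()
        while peek() == "||":
            take()
            val = both() or val
        return val
    return either()

# Constructed scenario from the report: table owner holding USE_CATALOG and USE_SCHEMA.
# Assumption: table ownership maps to no atom here (VIEW::OWNER is ownership of a view).
REPORTER = {"ANY_USE_CATALOG", "ANY_USE_SCHEMA"}
WITH_SELECT = REPORTER | {"ANY_SELECT_TABLE"}
```

Under these assumptions `evaluate(EXPR, REPORTER)` is false, which matches the denial in the trace, while `evaluate(EXPR, WITH_SELECT)` is true because `ANY_SELECT_TABLE` appears in the final parenthesized group.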
