[
https://issues.apache.org/jira/browse/IMPALA-14507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18070975#comment-18070975
]
ASF subversion and git services commented on IMPALA-14507:
----------------------------------------------------------
Commit b650fda439c578d4067bfbc5694c348cb8a8c4e6 in impala's branch
refs/heads/master from Fang-Yu Rao
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=b650fda43 ]
IMPALA-14875: Make a Preconditions check case-insensitive in authorize()
In IMPALA-14507, we slightly revised a Preconditions check that requires
each column-level privilege request has at least one respective
table-level privilege request. However, we found that this introduced a
regression due to which the check would fail in the local catalog mode
if the name of the target table in the CREATE TABLE AS SELECT statement
contains uppercase letters. For instance, a query like the following
would fail in the local catalog mode.
create table alltypes_A as select int_col from functional.alltypes;
One root cause of this was that during the registration of the
column-level INSERT privilege in InsertStmt#analyze(),
table_.getTableName().getTbl() would still contain uppercase letters in
the local catalog mode. As a result, during the Preconditions check in
BaseAuthorizationChecker#authorize(), the key of the same table in the
map from table name to the associated table-level privilege requests
did not match that in the map from table name to the associated
column-level privilege requests, causing the check to fail. In our
example, the key of the target table in the former map would end with
"alltypes_a", whereas that of the latter map ended with "alltypes_A".
To fix the issue, this patch lowercases the table name when constructing
the 2 maps above.
On a related note, the issue only affected the CTAS statement but not
the INSERT statement. This is because during the analysis of the CTAS
statement in the local catalog mode, we create a temporary target table
'table_' such that table_.getTableName().getTbl() could still contain
uppercase letters and then call InsertStmt#analyze() with 'table_' being
the target table. For the INSERT statement, the name of the target table
is already lowercased for both catalog modes.
Testing:
- Added test cases to verify that a CTAS statement could pass the
Preconditions check even though the name of target table has
capital letters.
Change-Id: Idfae24a7de8da683bc0bf28a947188ab96481301
Reviewed-on: http://gerrit.cloudera.org:8080/24165
Reviewed-by: Yida Wu <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Michael Smith <[email protected]>
> Consider lowering the privileges required for inserting data into a table
> -------------------------------------------------------------------------
>
> Key: IMPALA-14507
> URL: https://issues.apache.org/jira/browse/IMPALA-14507
> Project: IMPALA
> Issue Type: Improvement
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Minor
>
> Currently Impala requires a requesting user to have the INSERT privilege on a
> table, if the requesting user wants to insert a row into the table, even when
> the requesting user only wants to insert values into some but not all columns
> in the target table. For instance, consider the following query. It may be
> less restrictive from a user's perspective, if the requesting user only needs
> the INSERT privileges on the columns 'id', 'month', and 'year', but not other
> columns, e.g., 'bool_col'.
> {code:java}
> insert into functional.alltypestiny(id, month, year) values (123, 1, 2025);
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
