[IMPALA-10415] SHOW GRANT statement should perform a check for requesting user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Frontend, Security
Labels:
- backwards-compatibility
- security

Epic Color:
ghx-label-6

Description

We found that the SHOW GRANT statement does not really perform a check for the requesting user to determine whether the requesting user is authorized to access the result. Specifically, there is no such check in RangerImpaladAuthorizationManager#getPrivileges().

Recall that such a check was performed when we were using Sentry as the authorization provider. Refer to SentryImpaladAuthorizationManager#getPrivileges().

Such an issue is partly due to the fact that we do not have a dedicated Ranger API to check whether a user is a Ranger administrator, which is also currently tracked at RANGER-3127.

Attachments

Activity

People

Assignee:: Fang-Yu Rao

Reporter:: Quanlong Huang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Dec/20 03:03

Updated:: 20/Jan/21 23:10