Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
Impala 2.0, Impala 2.1, Impala 2.2, Impala 2.3.0, Impala 2.5.0, Impala 2.4.0, Impala 2.6.0
Description
Impala by-passes Sentry authorization for views if the query or the view itself contains a subquery in any WHERE clause. This gives read access to the views to any user that would otherwise have insufficient privileges.
The underlying base tables of views are still protected.
Queries that do not have subqueries in the WHERE clause are still protected (unless the view itself contains such a subquery).
Other operations like accessing the view definition or altering the view are still protected.
Example reproduction:
1. Setup as a user with sufficient privileges
CREATE VIEW default.noauth_view AS
SELECT COUNT(*) FROM functional.alltypes
WHERE id IN (SELECT id FROM functional.alltypessmall);
Notice the IN subquery in the WHERE clause. Other types of subqueries like NOT IN, EXISTS and NOT EXISTS also trigger this bug.
2. Log in as a user with insufficient privileges (e.g. no roles at all)
SHOW ROLES; // Empty result set SELECT * FROM default.noauth_view // Returns all results