Description
When authorization enabled, Impala rejects count but select * still works. This happens when the role is only granted all columns privileges, but without SELECT on the table.
Query: show current roles
-----------
role_name |
-----------
guest |
-----------
Query: show grant role guest
------------------------------------------------------------------------------------------+
scope | database | table | column | uri | privilege | grant_option | create_time |
------------------------------------------------------------------------------------------+
database | _impala_builtins | select | false | Fri, Dec 13 2019 13:45:00.917 | |||
database | default | all | false | Tue, Dec 10 2019 15:43:50.497 | |||
column | tpch | test | c | select | false | Fri, Dec 13 2019 09:43:21.112 |
------------------------------------------------------------------------------------------+
select * from tpch.test;
Query: select * from tpch.test
-----
c |
-----
100 |
-----
Fetched 1 row(s) in 0.23s
select count from tpch.test;
Query: select count from tpch.test
Query submitted at: 2019-12-18 14:16:29
ERROR: AuthorizationException: User 'test' does not have privileges to execute 'SELECT' on: tpch.test