[IMPALA-9259] no privileges for select count(*) but select * works - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Frontend, Security
Labels:
None

Epic Color:
ghx-label-8

Description

When authorization enabled, Impala rejects count but select * still works. This happens when the role is only granted all columns privileges, but without SELECT on the table.

Query: show current roles
-----------

role_name

-----------

guest

-----------

Query: show grant role guest
------------------------------------------------------------------------------------------+

scope

database

table

column

uri

privilege

grant_option

create_time

------------------------------------------------------------------------------------------+

database	_impala_builtins			select	false	Fri, Dec 13 2019 13:45:00.917
database	default			all	false	Tue, Dec 10 2019 15:43:50.497
column	tpch	test	c	select	false	Fri, Dec 13 2019 09:43:21.112

------------------------------------------------------------------------------------------+

select * from tpch.test;
Query: select * from tpch.test
-----

-----

100

-----
Fetched 1 row(s) in 0.23s

select count from tpch.test;
Query: select count from tpch.test
Query submitted at: 2019-12-18 14:16:29
ERROR: AuthorizationException: User 'test' does not have privileges to execute 'SELECT' on: tpch.test

Attachments

Activity

People

Assignee:: Fang-Yu Rao

Reporter:: Xiaomin Zhang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Dec/19 06:22

Updated:: 05/Feb/20 01:22