[ https://issues.apache.org/jira/browse/IMPALA-6086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16543836#comment-16543836 ]
ASF subversion and git services commented on IMPALA-6086: --------------------------------------------------------- Commit 408e0255c52edfe89585f324d372e4d8a12263ed in impala's branch refs/heads/master from [~zoram] [ https://git-wip-us.apache.org/repos/asf?p=impala.git;h=408e025 ] IMPALA-6086: Use of permanent function should require SELECT privilege on DB To use a permanent UDF should require at least SELECT privilege on the database. Functions that have constant arguments get constant-folded into string literals, losing their privilege requests in the process. This patch saves the privilege requests found during the first phase of query analysis, where all the objects and the privileges required to access them are identified. The requests are added back to the new analyzer created for re-analysis post expression rewrite. Testing: New FE test cases have been added to AuthorizationStmtTest. Manual tests were also done to identify the bug, as well as to test the fix. Ran exhaustive and covering tests. Change-Id: Iee70f15e4c04f7daaed9cac2400ec626e1fb0e57 Reviewed-on: http://gerrit.cloudera.org:8080/10850 Reviewed-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> > Use of permanent function should require SELECT privilege on DB > --------------------------------------------------------------- > > Key: IMPALA-6086 > URL: https://issues.apache.org/jira/browse/IMPALA-6086 > Project: IMPALA > Issue Type: Bug > Components: Catalog, Security > Affects Versions: Impala 2.9.0, Impala 3.1.0 > Reporter: Zoram Thanga > Assignee: Zoram Thanga > Priority: Minor > Labels: security > > A user that has no privilege on a database should not be able to execute any > permanent functions in that database. This is currently possible, and should > be fixed, so that the user must have SELECT privilege to execute permanent > functions. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org