[ https://issues.apache.org/jira/browse/IMPALA-8933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kurt Deschler resolved IMPALA-8933. ----------------------------------- Fix Version/s: Impala 3.4.0 Resolution: Fixed > Ranger column deny policies not respected under certain circumstances > --------------------------------------------------------------------- > > Key: IMPALA-8933 > URL: https://issues.apache.org/jira/browse/IMPALA-8933 > Project: IMPALA > Issue Type: Bug > Components: Security > Affects Versions: Impala 3.4.0 > Reporter: Kurt Deschler > Assignee: Kurt Deschler > Priority: Major > Labels: ranger > Fix For: Impala 3.4.0 > > > Ranger authorization checker missed a case of handling column level deny > policies for select and insert statements. This issue causes the policies to > not be enforced and can allow unintended access to protected columns. > Steps to Repro: > Connect impala-shell as admin: > CREATE table(c1 int, c2 int); > INSERT INTO T1 VALUES(1,1); > In Ranger: > Add policies: > 1) Name t1allow, Database *, Table t1, > Allow conditions user: <unix login>, Permissions: select > 2) Name t1deny, Database *, Table t1, > Deny conditions user: <unix login>, Permissions: select > Connect impala-shell as <unix login>: > SELECT c1 from t1; -- Not allowed > SELECT c2 from t1; -- Allowed -- This message was sent by Atlassian Jira (v8.3.2#803003) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org