[
https://issues.apache.org/jira/browse/IMPALA-8587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930910#comment-16930910
]
Fang-Yu Rao commented on IMPALA-8587:
-------------------------------------
After testing the proposed patch, I found that even we log in to impalad via
Impala shell as a non-Ranger super user, the execution of that SQL user could
still succeed. For example, if we log in to impalad as a user using
{code:java}
./bin/impala-shell.sh -u random_user;
{code}
The SQL statement in the following could still succeed.
{code:java}
show grant user admin on database functional;
{code}
This seems like a bug.
> Show inherited privileges in show grant w/ Ranger
> -------------------------------------------------
>
> Key: IMPALA-8587
> URL: https://issues.apache.org/jira/browse/IMPALA-8587
> Project: IMPALA
> Issue Type: Sub-task
> Components: Frontend
> Reporter: Austin Nobis
> Assignee: Fang-Yu Rao
> Priority: Critical
>
> If an admin has privileges from:
> *grant all on server to user admin;*
>
> Currently the command below will show no results:
> *show grant user admin on database functional;*
>
> After the change, the user should see server level privileges from:
> *show grant user admin on database functional;*
>
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org
