[ https://issues.apache.org/jira/browse/IMPALA-7002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036550#comment-17036550 ]
ASF subversion and git services commented on IMPALA-7002: --------------------------------------------------------- Commit 8ddbc1807a641587a05c2f5327c498f92acb935c in impala's branch refs/heads/master from wzhou-code [ https://gitbox.apache.org/repos/asf?p=impala.git;h=8ddbc18 ] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent database/table in impala-shell without required privilege, verified that it results in AuthorizationException. - ran CTE with non-existent database/table in impala-shell with the required privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent database/table/column in AuthorizationStmtTest. - Passed all FE tests. - Passed all core tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Reviewed-on: http://gerrit.cloudera.org:8080/15123 Reviewed-by: Bikramjeet Vig <bikramjeet....@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> > Referencing non-existent table/database in CTE without any privilege results > in AnalysisException and not AuthorizationException > -------------------------------------------------------------------------------------------------------------------------------- > > Key: IMPALA-7002 > URL: https://issues.apache.org/jira/browse/IMPALA-7002 > Project: IMPALA > Issue Type: Bug > Components: Frontend > Affects Versions: Impala 2.10.0, Impala 2.11.0, Impala 2.12.0 > Reporter: Fredy Wijaya > Assignee: Wenzhe Zhou > Priority: Major > Labels: security > > {noformat} > A CTE from non-existent database. > [localhost:21000] default> with t as (select id from nodb.alltypes) select * > from t; > Query: with t as (select id from nodb.alltypes) select * from t > Query submitted at: 2018-05-09 12:31:29 (Coordinator: http://impdev-dev:25000) > ERROR: AnalysisException: Could not resolve table reference: 'nodb.alltypes' > A normal select from non-existent database. > [localhost:21000] default> select id from nodb.alltypes; Query: select id > from nodb.alltypes > Query submitted at: 2018-05-09 12:32:58 (Coordinator: > http://fwijaya-dev:25000) > ERROR: AuthorizationException: User 'impdev' does not have privileges to > execute 'SELECT' on: nodb.alltypes > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org