Fredy Wijaya has uploaded a new patch set (#4). ( http://gerrit.cloudera.org:8080/11279 )
Change subject: IMPALA-7344: Restrict ALTER DATABASE/TABLE SET OWNER statements ...................................................................... IMPALA-7344: Restrict ALTER DATABASE/TABLE SET OWNER statements Prior to this patch, any user with ALTER privilege could alter the database/table ownership from one user/role to another user/role. This is undesirable because altering an object ownership means giving a full access to that object. This patch restricts the ALTER DATABASE/TABLE SET OWNER statements to require ALL/OWNER with GRANT OPTION when authorization is enabled. Testing: - Added FE authorization tests - Ran all FE tests - Ran core tests Change-Id: I2485933c02b5384950b7c882ba1eb0fd703db5a3 --- M bin/impala-config.sh M fe/src/main/java/org/apache/impala/analysis/AlterDbSetOwnerStmt.java M fe/src/main/java/org/apache/impala/analysis/AlterTableOrViewSetOwnerStmt.java M fe/src/main/java/org/apache/impala/analysis/Analyzer.java M fe/src/main/java/org/apache/impala/analysis/BaseTableRef.java M fe/src/main/java/org/apache/impala/analysis/CollectionTableRef.java M fe/src/main/java/org/apache/impala/analysis/InlineViewRef.java M fe/src/main/java/org/apache/impala/analysis/TableRef.java M fe/src/main/java/org/apache/impala/authorization/AuthorizationChecker.java M fe/src/main/java/org/apache/impala/authorization/PrivilegeRequest.java M fe/src/main/java/org/apache/impala/authorization/PrivilegeRequestBuilder.java M fe/src/main/java/org/apache/impala/catalog/PrincipalPrivilege.java M fe/src/main/java/org/apache/impala/util/SentryPolicyService.java M fe/src/test/java/org/apache/impala/analysis/AnalyzeStmtsTest.java M fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java 15 files changed, 238 insertions(+), 86 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/79/11279/4 -- To view, visit http://gerrit.cloudera.org:8080/11279 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I2485933c02b5384950b7c882ba1eb0fd703db5a3 Gerrit-Change-Number: 11279 Gerrit-PatchSet: 4 Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Adam Holley <ahol...@cloudera.com> Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Vuk Ercegovac <vercego...@cloudera.com>
