[Impala-ASF-CR] IMPALA-7676: DESCRIBE on table should require VIEW METADATA privilege

Tue, 09 Oct 2018 21:59:33 -0700 

Fredy Wijaya has uploaded a new patch set (#4). ( 
http://gerrit.cloudera.org:8080/11617 )

Change subject: IMPALA-7676: DESCRIBE on table should require VIEW_METADATA 
privilege
......................................................................

IMPALA-7676: DESCRIBE on table should require VIEW_METADATA privilege

IMPALA-6479 broke the DESCRIBE's privilege model by changing the
privilege from VIEW_METADATA to ANY in order to support column-level
privileges in DESCRIBE. This caused an issue where having non-
VIEW_METADATA privilege, such as CREATE privilege on a particular
database allows executing a DESCRIBE statement on all tables in the
database. This behavior is also inconsistent with Hive's DESCRIBE
and Impala's DESCRIBE DATABASE privilege models. Although there is not
any security risk for this particular issue since having non-
VIEW METADATA on a particular database always returns an empty result,
fixing this issue will make the behavior consistent with Hive and also
DESCRIBE DATABASE in Impala. This patch fixes the issue by changing the
privilege requirement back from ANY to VIEW_METADATA.

Testing:
- Ran all FE tests

Change-Id: I283e30ebff6d61e779a4cec8284cae0ccb90cc49
---
M fe/src/main/java/org/apache/impala/analysis/Analyzer.java
M fe/src/main/java/org/apache/impala/analysis/DescribeTableStmt.java
M fe/src/main/java/org/apache/impala/analysis/DropTableOrViewStmt.java
M fe/src/main/java/org/apache/impala/analysis/PartitionDef.java
M fe/src/main/java/org/apache/impala/analysis/PartitionSpecBase.java
M fe/src/test/java/org/apache/impala/analysis/AuditingTest.java
M fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java
7 files changed, 67 insertions(+), 42 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/17/11617/4
--
To view, visit http://gerrit.cloudera.org:8080/11617
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I283e30ebff6d61e779a4cec8284cae0ccb90cc49
Gerrit-Change-Number: 11617
Gerrit-PatchSet: 4
Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ahol...@cloudera.com>
Gerrit-Reviewer: Csaba Ringhofer <csringho...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Vuk Ercegovac <vercego...@cloudera.com>

Reply via email to