[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accessing non-existent table/database in CTE without any privilege.

Fri, 07 Feb 2020 15:49:01 -0800 

Fang-Yu Rao has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/15123 )

Change subject: IMPALA-7002: Throw AuthorizationException when user accessing 
non-existent table/database in CTE without any privilege.
......................................................................


Patch Set 6: Code-Review+1

> Patch Set 6:
>
> (1 comment)

Thanks to Wenzhe for the detailed explanation! I checked the code path again 
myself. I think what Wenzhe described is correct. Specifically, even though we 
moved the code that registers the local views (that for-loop) and the statement 
that adds the audit events to the finally block, if there is an 
AnalysisException thrown, in the end the information about those previously 
registered local views and added audit events will not be processed.

To be precise, the AnalysisException will be caught at 
https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/analysis/AnalysisContext.java#L416.
 If later on there is an AuthorizationException thrown, it will be caught at 
https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/analysis/AnalysisContext.java#L433.

As long as there is an exception thrown, anything after 
https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/service/Frontend.java#L1536
 will not be executed, including the code that processes the access events at  
https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/service/Frontend.java#L1540.


--
To view, visit http://gerrit.cloudera.org:8080/15123
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577
Gerrit-Change-Number: 15123
Gerrit-PatchSet: 6
Gerrit-Owner: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Reviewer: Bikramjeet Vig <bikramjeet....@cloudera.com>
Gerrit-Reviewer: Fang-Yu Rao <fangyu....@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Fri, 07 Feb 2020 23:48:32 +0000
Gerrit-HasComments: No

Reply via email to