Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/11753 )

Change subject: authz: verify tokens on scans
......................................................................


Patch Set 9:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/11753/9/src/kudu/tserver/tablet_service.cc
File src/kudu/tserver/tablet_service.cc:

http://gerrit.cloudera.org:8080/#/c/11753/9/src/kudu/tserver/tablet_service.cc@436
PS9, Line 436:       respond_not_authorized(scan_pb.projected_columns(i).name());
> It's probably be easy enough to ignore "is_deleted" here if we get kColumnN
How about enforcing that the presence of a virtual column (you can test for
this via is_virtual() on the column's type) requires key column privileges
a la L29-L430? I thought we agreed that this would be an OK place to start
as per our discussion here:
https://gerrit.cloudera.org/c/11753/4/src/kudu/tserver/tablet_service.cc#427



--
To view, visit http://gerrit.cloudera.org:8080/11753

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I7a5d81cf215a5d936f8853feba05778038764905
Gerrit-Change-Number: 11753
Gerrit-PatchSet: 9
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Wed, 20 Mar 2019 16:06:39 +0000
Gerrit-HasComments: Yes
