[
https://issues.apache.org/jira/browse/DRILL-3041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540870#comment-14540870
]
Venki Korukanti edited comment on DRILL-3041 at 5/12/15 10:09 PM:
------------------------------------------------------------------
This is because when creating the view, we check if the table exists or not. In
this case table is a single file. To check if the file exists, we need read
permissions on the parent directory (which we have in this case). When querying
the view, we actually read the file at that point we fail due to permissions.
was (Author: vkorukanti):
This is because when creating the view, we check if the table exists are not.
In this case table is a single file. To check if the file exists, we need to
read permissions on the parent directory (which we have in this case). When
querying the view, we actually read the file at that point we fail due to
permissions.
> Impersonation-user can create view against file that user doesn't have read
> access
> -----------------------------------------------------------------------------------
>
> Key: DRILL-3041
> URL: https://issues.apache.org/jira/browse/DRILL-3041
> Project: Apache Drill
> Issue Type: Bug
> Components: Execution - RPC
> Affects Versions: 1.0.0
> Reporter: Krystal
> Assignee: Venki Korukanti
> Fix For: 1.1.0
>
>
> git.commit.id.abbrev=d10769f
> I have a file that has the following permission:
> -rwx------ 3 qa2 users 63078 2015-01-30 21:19
> /drill/testdata/csv/voter.csv
> The directory right above the file has the following permission:
> drwxr-xr-x - qa2 users 3 2015-05-12 14:22 /drill/testdata/csv
> Logged into sqlline as a different user and attempted to create a view:
> 0: jdbc:drill:schema=dfs.root> CREATE VIEW `dfs.qa1`.`test_v4` AS SELECT
> columns[0] as column_0, columns[1] as column_1, columns[2] as column_2,
> columns[3] as column_3, columns[4] as column_4, columns[5] as column_5,
> columns[6] as column_6 FROM `dfs`.`default`.`drill/testdata/csv/voter.csv`
> LIMIT 100;
> The view got created successfully. However if I tried to read from the view,
> I can't because of the lack of permission to the voter.csv table:
> 0: jdbc:drill:schema=dfs.root> select * from `dfs.qa1`.`test_v4`;
> Error: SYSTEM ERROR: org.apache.hadoop.security.AccessControlException: Open
> failed for file: /drill/testdata/csv/voter.csv, error: Permission denied (13)
> Currently drill only check if the folder contains correct permission and not
> at the file level when creating views. It seems odd that a user is allowed
> to create the view then not being able to access it afterwards.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
