Fang-Yu Rao created IMPALA-14507:
------------------------------------
Summary: Consider lowering the privileges required for inserting
values into a table
Key: IMPALA-14507
URL: https://issues.apache.org/jira/browse/IMPALA-14507
Project: IMPALA
Issue Type: Improvement
Reporter: Fang-Yu Rao
Assignee: Fang-Yu Rao
Currently Impala requires a requesting user to have the INSERT privilege on a
table, if the requesting user wants to insert a row into a table, even when the
requesting user only wants to insert values into some but not all columns in
the target table. For instance, consider the following query. It may be less
restrictive from a user's perspective, if the requesting user only needs the
INSERT privileges on the columns 'id', 'month', and 'year', but not other
columns, e.g., 'bool_col'.
{code:java}
insert into functional.alltypestiny(id, month, year) values (123, 1, 2025);
{code}
This especially makes sense in the cases where different users insert values
into different columns of the same table. For instance, when the target table
is a Kudu table that has the following columns. It's possible that a user is
taking care of updating the values of the columns 'bool_col' and 'tinyint_col',
whereas the other use is taking care of updating the values of the columns
'month' and 'year'.
{code:java}
+-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
| name | type | comment | primary_key | key_unique | nullable |
default_value | encoding | compression | block_size |
+-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
| id | int | | true | true | false |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| bool_col | boolean | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| tinyint_col | tinyint | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| smallint_col | smallint | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| int_col | int | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| bigint_col | bigint | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| float_col | float | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| double_col | double | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| date_string_col | string | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| string_col | string | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| timestamp_col | timestamp | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| year | int | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
| month | int | | false | | true |
| AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
+-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
{code}
On the other hand, for non-Kudu tables, it looks like Impala does not support
updating different subsets of columns of a target table separately, and thus it
may be okay that we require the INSERT privilege on the whole target table to
insert data into a table.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
