[
https://issues.apache.org/jira/browse/IMPALA-14507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fang-Yu Rao updated IMPALA-14507:
---------------------------------
Summary: Consider lowering the privileges required for inserting data into
a table (was: Consider lowering the privileges required for inserting values
into a table)
> Consider lowering the privileges required for inserting data into a table
> -------------------------------------------------------------------------
>
> Key: IMPALA-14507
> URL: https://issues.apache.org/jira/browse/IMPALA-14507
> Project: IMPALA
> Issue Type: Improvement
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Minor
>
> Currently Impala requires a requesting user to have the INSERT privilege on a
> table, if the requesting user wants to insert a row into a table, even when
> the requesting user only wants to insert values into some but not all columns
> in the target table. For instance, consider the following query. It may be
> less restrictive from a user's perspective, if the requesting user only needs
> the INSERT privileges on the columns 'id', 'month', and 'year', but not other
> columns, e.g., 'bool_col'.
> {code:java}
> insert into functional.alltypestiny(id, month, year) values (123, 1, 2025);
> {code}
>
> This especially makes sense in the cases where different users insert values
> into different columns of the same table. For instance, when the target table
> is a Kudu table that has the following columns. It's possible that a user is
> taking care of updating the values of the columns 'bool_col' and
> 'tinyint_col', whereas the other use is taking care of updating the values of
> the columns 'month' and 'year'.
> {code:java}
> +-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
> | name | type | comment | primary_key | key_unique | nullable
> | default_value | encoding | compression | block_size |
> +-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
> | id | int | | true | true | false
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | bool_col | boolean | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | tinyint_col | tinyint | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | smallint_col | smallint | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | int_col | int | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | bigint_col | bigint | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | float_col | float | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | double_col | double | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | date_string_col | string | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | string_col | string | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | timestamp_col | timestamp | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | year | int | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> | month | int | | false | | true
> | | AUTO_ENCODING | DEFAULT_COMPRESSION | 0 |
> +-----------------+-----------+---------+-------------+------------+----------+---------------+---------------+---------------------+------------+
> {code}
> On the other hand, for non-Kudu tables, it looks like Impala does not support
> updating different subsets of columns of a target table separately, and thus
> it may be okay that we require the INSERT privilege on the whole target table
> to insert data into a table.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
