Quanlong Huang has posted comments on this change. ( http://gerrit.cloudera.org:8080/23569 )
Change subject: IMPALA-14507: Register column-level privilege requests for INSERT ...................................................................... Patch Set 7: (4 comments) http://gerrit.cloudera.org:8080/#/c/23569/7/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java File fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java: http://gerrit.cloudera.org:8080/#/c/23569/7/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@731 PS7, Line 731: .table(authorizable.getTableName()) Should we set the owner here? http://gerrit.cloudera.org:8080/#/c/23569/7/tests/authorization/test_ranger.py File tests/authorization/test_ranger.py: http://gerrit.cloudera.org:8080/#/c/23569/7/tests/authorization/test_ranger.py@1489 PS7, Line 1489: def _test_deny_insert_into_column(self, unique_name): Can we add another test that if there is a column-masking policy enabled for the user on a column, the user shouldn't be able to insert the column but OK on other columns? IIUC, column-masking policy should block users from modifying the source of the masked data (RANGER-1087). http://gerrit.cloudera.org:8080/#/c/23569/7/tests/authorization/test_ranger.py@1496 PS7, Line 1496: allowed_query = ("insert into {0}.{1}({2}) values (1)" How about UPDATE statement on Kudu and Iceberg tables and MERGE statement on Iceberg tables? Do they have the same behavior as INSERT? http://gerrit.cloudera.org:8080/#/c/23569/7/tests/authorization/test_ranger.py@1508 PS7, Line 1508: admin_client.execute("create table {0}.{1} ({2} int, {3} bigint)" : .format(unique_database, unique_table, columns[0], columns[1])) Can we also add tests for partitioned tables and Iceberg tables? -- To view, visit http://gerrit.cloudera.org:8080/23569 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I2ef61801d3b394c56702b193c250492a62b111df Gerrit-Change-Number: 23569 Gerrit-PatchSet: 7 Gerrit-Owner: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Noemi Pap-Takacs <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Comment-Date: Wed, 12 Nov 2025 10:57:36 +0000 Gerrit-HasComments: Yes
