Csaba Ringhofer has posted comments on this change. ( http://gerrit.cloudera.org:8080/23569 )
Change subject: IMPALA-14507: Register column-level privilege requests for INSERT ...................................................................... Patch Set 18: (4 comments) http://gerrit.cloudera.org:8080/#/c/23569/17/fe/src/main/java/org/apache/impala/analysis/CreateTableAsSelectStmt.java File fe/src/main/java/org/apache/impala/analysis/CreateTableAsSelectStmt.java: http://gerrit.cloudera.org:8080/#/c/23569/17/fe/src/main/java/org/apache/impala/analysis/CreateTableAsSelectStmt.java@212 PS17, Line 212: // The full privilege check for the database will be done as part of the INSERT : // analysis. : FeDb db = analyzer.getDb(createStmt_.getDb(), Privilege.ANY); I am not sure if this is correct - if the user does not have any privilege on a db name, then they shouldn't be able to learn whether it exists or not - or the authorization was already done before this? http://gerrit.cloudera.org:8080/#/c/23569/18/tests/authorization/test_ranger.py File tests/authorization/test_ranger.py: http://gerrit.cloudera.org:8080/#/c/23569/18/tests/authorization/test_ranger.py@1521 PS18, Line 1521: unique_table = unique_name + "_tbl" Is it really needed to use a random name? Can't we just use unique_database and create tables with fixed names in it? http://gerrit.cloudera.org:8080/#/c/23569/18/tests/authorization/test_ranger.py@1539 PS18, Line 1539: admin_client.execute("drop database if exists {0} cascade" : .format(unique_database)) This shouldn't be needed as the name is unique http://gerrit.cloudera.org:8080/#/c/23569/18/tests/authorization/test_ranger.py@1598 PS18, Line 1598: TestRanger._remove_policies(unique_database, tbl, "*") Shouldn't we do this in the previous finally block, if the policy was created in that try block? -- To view, visit http://gerrit.cloudera.org:8080/23569 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I2ef61801d3b394c56702b193c250492a62b111df Gerrit-Change-Number: 23569 Gerrit-PatchSet: 18 Gerrit-Owner: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Noemi Pap-Takacs <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Comment-Date: Mon, 12 Jan 2026 12:06:41 +0000 Gerrit-HasComments: Yes
