  1. CDH (READ-ONLY)
  2. DISTRO-515

With authorization enabled, EXPLAIN SELECT * FROM <some view> will divulge existence of tables the user doesn't have privileges to access

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: CDH4.4.0
    • Fix Version/s: None
    • Component/s: Hive, Security
    • Labels:
      None

      Description

      With authorization enabled, EXPLAIN SELECT * FROM <some view> will divulge the existence of tables the user doesn't have privileges to access.

      For example, the following query will show details of the existence of tables the user might not have privileges to access:

      CREATE TABLE User_Does_Not_Have_Perms (i int);
      CREATE VIEW v1 AS SELECT * FROM User_Does_Not_Have_Perms;
      
      -- Give user access to v1, but no access to underlying table and run the following.
      -- It will show details on the underlying table...
      EXPLAIN SELECT * FROM v1;
      

      One fix would be to examine all the tables in the view definition and fail the EXPLAIN if the user lacks permission on any of those tables.
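
A small Python model of the fix proposed above, added here as an illustration and not taken from Hive or from this issue. It walks view definitions transitively (a view may be defined over another view) and fails EXPLAIN closed; the catalog, grants, user names and function names are constructed assumptions.

```python
# Added illustration: a model of the proposed check, not Hive code.
# Catalog contents, users and grants are constructed sample data.

class AccessDenied(Exception):
    pass

# name -> objects referenced by the view definition ([] for a base table)
CATALOG = {
    "user_does_not_have_perms": [],
    "public_t": [],
    "v1": ["user_does_not_have_perms"],
    "v2": ["v1", "public_t"],  # view defined over another view
}

# (user, object) pairs that hold SELECT
GRANTS = {("alice", "v1"), ("alice", "v2"), ("alice", "public_t"),
          ("bob", "v1"), ("bob", "user_does_not_have_perms")}

def underlying_objects(name, catalog, seen=None):
    """Return every table or view reachable from `name` via view definitions."""
    seen = set() if seen is None else seen
    for ref in catalog[name]:
        if ref not in seen:
            seen.add(ref)
            underlying_objects(ref, catalog, seen)
    return seen

def authorize_select(user, name, grants):
    # SELECT through a view needs a privilege on the view only.
    if (user, name) not in grants:
        raise AccessDenied(f"{user} may not SELECT from {name}")

def authorize_explain(user, name, catalog, grants):
    """Fail EXPLAIN unless the user may access every object the plan would name."""
    authorize_select(user, name, grants)
    for obj in underlying_objects(name, catalog):
        if (user, obj) not in grants:
            # Generic message: naming `obj` here would leak the same fact.
            raise AccessDenied(f"{user} may not EXPLAIN queries on {name}")

def explain_allowed(user, name, catalog=CATALOG, grants=GRANTS):
    try:
        authorize_explain(user, name, catalog, grants)
        return True
    except AccessDenied:
        return False
```

The denial message names only the object the user asked about, so the refusal itself does not confirm which underlying table exists.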

            People

            • Assignee:
              Unassigned
              Reporter:
              lskuff Lenni Kuff