mirror of
https://github.com/apache/impala.git
synced 2026-01-08 12:02:54 -05:00
1aa3a5c616
IMPALA-4000 added basic authorization support for Kudu tables, but it had several limitations: * Only the ALL privilege level can be granted to Kudu tables. (Finer-grained levels such as only SELECT or only INSERT are not supported.) * Column level permissions on Kudu tables are not supported. * Only users with ALL privileges on SERVER may create external Kudu tables. This patch relaxes the restrictions to allow: * Allow column-level permissions * Allow fine grained privileges SELECT and INSERT for those statement types. DELETE/UPDATE/UPSERT privileges now require ALL privileges because Sentry will eventually get fine grained privilege actions, and at that point Impala should support the more specific actions (IMPALA-3840). The assumption is that the Kudu table authorization support is currently so limited that most users are not using this functionality yet, but this is a behavior change that needs to be clearly stated in the Impala release notes. Testing: Adds FE and EE tests. Change-Id: Ib12d2b32fa3e142e69bd8b0f24f53f9e5cbf7460 Reviewed-on: http://gerrit.cloudera.org:8080/7307 Reviewed-by: Matthew Jacobs <mj@cloudera.com> Tested-by: Impala Public Jenkins