Details
- Type: New Feature
- Status: Resolved
- Priority: Critical
- Resolution: Fixed
Description
Row-filtering policies are applied as the WHERE clause of the table masking view of the base table/view. E.g. if table "tblA" contains a row-filtering policy "id=0", the original query "select * from tblA join tblB on (id)" will be analyzed as
select * from ( select col1, col2, ..., colN from tblA where id = 0 ) v join tblB on (id)
The row-filtering policy expression can also use subqueries, e.g. "id = (select min(id) from tblC)". However, if the WHERE clause introduces subqueries, it will introduce new tables whose metadata is not loaded in Analyzer's StmtTableCache. So the Analyzer will fail to resolve them and raise AuthorizationExceptions complaining that the user doesn't have the privilege to SELECT those tables.
One solution is collecting tables introduced by subqueries of Column-masking/Row-filtering expressions and also loading them in StmtMetadataLoader#loadTables().
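An added sketch of the collection step proposed above, written as a stand-alone Python model and not taken from Impala's code. The policy map, the function names and the regex-based table extraction are assumptions for illustration (a real analyzer would walk the parsed expression); it goes beyond the single-subquery case in the description by also following policies on the newly introduced tables.

```python
import re

# Constructed sample policies: table name -> row-filter expression (hypothetical).
POLICIES = {
    "tbla": "id = (select min(id) from tblC)",
    "tblc": "id in (select id from db2.tblD d join tblE e on d.id = e.id)",
}

# A table reference follows FROM or JOIN; "from (" is an inline view and is skipped.
# Simplification: comma-separated FROM lists and EXTRACT(... FROM ...) are not handled.
_TABLE_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)
_STRING_LIT = re.compile(r"'(?:[^']|'')*'")


def tables_in_expr(expr):
    """Tables named in subqueries of a policy expression, ignoring string literals."""
    return {name.lower() for name in _TABLE_REF.findall(_STRING_LIT.sub("''", expr))}


def collect_policy_tables(query_tables, policies):
    """Tables whose metadata must be loaded before analysis: the query's own
    tables plus, transitively, every table introduced by a policy subquery."""
    needed, pending = set(), [t.lower() for t in query_tables]
    while pending:
        tbl = pending.pop()
        if tbl in needed:
            continue  # already scheduled; also stops policies that reference each other
        needed.add(tbl)
        pending.extend(tables_in_expr(policies.get(tbl, "")))
    return needed


def masking_view(table, columns, policies):
    """Rewrite a table reference as the filtered inline view from the description."""
    expr = policies.get(table.lower())
    where = f" where {expr}" if expr else ""
    return f"(select {', '.join(columns)} from {table}{where}) v"


if __name__ == "__main__":
    print(masking_view("tblA", ["col1", "col2"], POLICIES))
    print(sorted(collect_policy_tables(["tblA", "tblB"], POLICIES)))
```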
Issue Links
- causes
  - IMPALA-10609 NullPointerException in loading tables introduced by ranger masking policies (Resolved)
  - IMPALA-10936 StmtMetadataLoader::collectPolicyTables() should handle FailedLoadLocalTable without NPE (Resolved)
- relates to
  - IMPALA-9234 Support Ranger row filtering policies (Resolved)