LOAD fails with error 4481 even if user has priv
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Trafodion |
Fix Released
|
High
|
Roberta Marton |
Bug Description
A load operation is failing even when the user has the necessary privileges.
Setup:
Create a hive table:
swhive
drop table teams;
create external table teams
(team_number int,
team_name string,
team_contact string,
team_
)
row format delimited fields terminated by '|'
location '/user/
;
show tables;
quit;
Load hive table in SQL:
sqlci
initialize authorization;
insert into hive.hive.teams values
(1, 'White Socks', 'Sam','
(2, 'Giants', 'Joe', '5102839483'),
(3, 'Cardinals', 'Stella', '9513849384'),
(4, 'Indians', 'Matt', '5128383748'),
(5, 'Tigers', 'Ronit', '6198273827');
Select count(*) from hive.hive.teams;
exit;
In window 1:
sqlci –u sql_user1
create schema user1;
set schema user1;
create table teams
(team_number int not null primary key,
team_name char(20) not null,
team_contact varchar(50) not null,
team_
)
;
In window 2:
Sqlci –u sql_user2
Set schema user1;
Load with no populate indexes into user1.teams select * from hive.hive.teams;
--should fail with no INSERT and SELECT priv
Back to window 1
Grant insert, select on user1.teams to sql_user2;
Showddl user1.teams;
Back to window 2 – load operations should work but it is still failing
Load with no populate indexes into user1.teams select * from hive.hive.teams;
If I restart window 2, the operation succeeds.
It looks like the table definition cached in NATableCache is not being removed if the table does not have the necessary privileges. On next call, the incorrect cached values are used for privilege checking instead of the correct values.
Changed in trafodion: | |
importance: | Undecided → High |
assignee: | nobody → Roberta Marton (roberta-marton) |
milestone: | none → r1.1 |
tags: | added: sql-security |
Changed in trafodion: | |
status: | New → In Progress |
This problem happens because the table definition cached in NATableCache is
not being refreshed with the new values:
Generally, when a query is compiled and the user does not have privilege(s), a
call to checkPrivileges (called during binding) returns a special privilege
error. After compilation completes, the compiler (CmpMain::sqlcomp) checks to
see if a privilege error occurred. If so, the NATable entry is removed and the
request is recompiled. If a privilege error occurs the second time, the
privilege error is reported and the latest cached NATable structure is retained.
In the case of LOAD, the privilege checks are performed in the generator;
therefore checkPrivileges is not being called, the special privilege error is
not reported and the cached NATable entry is not being refreshed.
The fix moves authorization checks from the generator into the binder -
specifically checkPrivileges. A bindNode method was added to the bulk loader
code to verify privileges. The bindNode, checks to see if the user has the
MANAGE_LOAD privilege. If so, no additional checks are required. If not
bindNode sets up the privilege structure (stoi) and saves it in the binder work
area. Later, checkPrivileges is called and privileges checked as required.