StarRocks / starrocks

The world's fastest open query engine for sub-second analytics both on and off the data lakehouse. With the flexibility to support nearly any scenario, StarRocks provides best-in-class performance for multi-dimensional analytics, real-time analytics, and ad-hoc queries. A Linux Foundation project.
https://starrocks.io
Apache License 2.0
9.09k stars 1.82k forks

Missing collection of columns in join condition when enable column level access control #44149

Closed gnehc-hc closed 3 weeks ago

gnehc-hc commented 7 months ago

Steps to reproduce the behavior (Required)

1. Table preparation

create table quickstart.test_table
(id int, name varchar(100), age int, hobby varchar(100))
ENGINE = olap
PROPERTIES(
    "replication_num" = "1"
);

create table quickstart.test_table2
(id int, subject varchar(100), score int)
ENGINE = olap
PROPERTIES(
    "replication_num" = "1"
);

2. Reproduce

select t1.*, t2.subject
from quickstart.test_table t1
join quickstart.test_table2  t2 on t1.id = t2.id
where t2.score = 100
;

Expected behavior (Required)

AnalyzerUtils#collectAllSelectTableColumns()

@Override
public Void visitQueryStatement(QueryStatement statement, ConnectContext context) {
    Map<TableName, Relation> allTablesRelations = AnalyzerUtils.collectAllTableAndViewRelations(statement);
    if (Config.authorization_enable_column_level_privilege) {
        try {
            checkSelectTableAction(context, allTablesRelations);
        } catch (ErrorReportException e) {
            Map<TableName, Set<String>> allTouchedColumns = AnalyzerUtils.collectAllSelectTableColumns(statement);
            checkCanSelectFromColumns(context, allTouchedColumns, allTablesRelations);
        }
    } else {
        checkSelectTableAction(context, allTablesRelations);
    }
    return null;
}

With Map<TableName, Set<String>> allTouchedColumns = AnalyzerUtils.collectAllSelectTableColumns(statement);, all the columns of quickstart.test_table t1 and id, subject, score of quickstart.test_table2 t2 should exist in allTouchedColumns.

Real behavior (Required)

But there are only id of quickstart.test_table t1 and id, subject, score of quickstart.test_table2 t2 in allTouchedColumns.

StarRocks version (Required)

main
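The expected and real contents of allTouchedColumns reported above can be reproduced in a small model, added here as an illustration that is not part of the original issue and is not StarRocks code. The query representation, `collect_touched_columns`, `denied_columns` and the grants are hypothetical, and the model assumes the column check inspects only the collected columns, so a column that is never collected is never checked.

```python
# Model only: table schemas taken from the issue's CREATE TABLE statements.
SCHEMAS = {
    "quickstart.test_table": ["id", "name", "age", "hobby"],
    "quickstart.test_table2": ["id", "subject", "score"],
}

# Constructed representation of the issue's query:
#   select t1.*, t2.subject from quickstart.test_table t1
#   join quickstart.test_table2 t2 on t1.id = t2.id where t2.score = 100
QUERY = {
    "aliases": {"t1": "quickstart.test_table", "t2": "quickstart.test_table2"},
    "select": [("t1", "*"), ("t2", "subject")],
    "join_on": [("t1", "id"), ("t2", "id")],
    "where": [("t2", "score")],
}

# Constructed grants: the user may read only id in t1, and every column of t2.
GRANTS = {
    "quickstart.test_table": {"id"},
    "quickstart.test_table2": {"id", "subject", "score"},
}


def collect_touched_columns(query, schemas, expand_star=True):
    """Return {table: set(columns)} for every column the query reads."""
    touched = {table: set() for table in query["aliases"].values()}
    refs = query["select"] + query["join_on"] + query["where"]
    for alias, column in refs:
        table = query["aliases"][alias]
        if column != "*":
            touched[table].add(column)
        elif expand_star:
            # Expected behavior: t1.* counts as every column of t1.
            touched[table].update(schemas[table])
        # expand_star=False models the reported behavior: the star
        # select item contributes no columns at all.
    return touched


def denied_columns(touched, grants):
    """Columns the query reads that the user has no SELECT grant on."""
    denied = {}
    for table, cols in touched.items():
        missing = cols - grants.get(table, set())
        if missing:
            denied[table] = sorted(missing)
    return denied
```

With `expand_star=False` the model yields the column set reported under "Real behavior", and a user granted only `id` on `quickstart.test_table` passes the column check even though `t1.*` returns `name`, `age` and `hobby`.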

gnehc-hc commented 7 months ago

I will fix this

github-actions[bot] commented 1 month ago

We have marked this issue as stale because it has been inactive for 6 months. If this issue is still relevant, removing the stale label or adding a comment will keep it active. Otherwise, we'll close it in 10 days to keep the issue queue tidy. Thank you for your contribution to StarRocks!