prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0

Failed analyzing stored view when using File Based Authorization #6623

Closed chengat1314 closed 5 years ago

chengat1314 commented 7 years ago

When we use File Based Authorization, we can't query the view. Based on documentation: https://prestodb.io/docs/current/connector/hive-security.html#hive-file-based-authorization

Is this because Presto only supports access control for physical tables? The access configuration (tables) for user hive is:

{ "schema": "hive", "schema": ".", "table": ".", "privileges": ["SELECT", "INSERT", "DELETE", "OWNERSHIP", "GRANT_SELECT"] }

Error: Query 20161115_092547_00004_tv46x failed: line 1:15: Failed analyzing stored view 'hive.public.cities': Access Denied: Cannot select from table public.cities_sg ;

But when I query public.cities_sg with select * from public.cities_sg limit 4; this works fine.

BTW, I found the code is https://github.com/prestodb/presto/blob/8c34f4e19ad4d928725b0182628b70e0646e2933/presto-main/src/main/java/com/facebook/presto/sql/analyzer/StatementAnalyzer.java

Thanks Cheng Feng

chengat1314 commented 7 years ago

I found a one-line comment: // run view as view owner if set; otherwise, run as session user

Is that because the user has access to both the table and the view, but Presto is using some session user to query the table? But in the File Based Authorization configuration file, we haven't added access for the session user?

thanks Cheng Feng

dain commented 7 years ago

A view runs as the owner of the view, and is a way for a user with more permissions to grant limited access to a user with fewer permissions. This means that the query inside of the view is analyzed using the permissions of the user that owns the view. If the view does not have an owner, then we verify that the user accessing the view has permissions to the data.

Anyway, the owner of the view will need SELECT with GRANT of all tables in the view.
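
A simplified model of the check described in the answer above, as an added example that is not Presto's code and not part of the thread: it shows why a direct SELECT on public.cities_sg can succeed while the view over it is denied. The owner name view_owner, the rule lists, and the first-matching-rule regex semantics are assumptions made for illustration.

```python
import re

def privileges(rules, user, schema, table):
    """Privileges from the first rule whose regexes all match (a missing field matches anything)."""
    for rule in rules:
        if (re.fullmatch(rule.get("user", ".*"), user)
                and re.fullmatch(rule.get("schema", ".*"), schema)
                and re.fullmatch(rule.get("table", ".*"), table)):
            return set(rule["privileges"])
    return set()

def analyze_view(rules, session_user, view_owner, base_tables):
    """Return denial messages for the tables referenced inside a view (empty list = allowed)."""
    denials = []
    for schema, table in base_tables:
        if view_owner is not None:
            # The view's query is analyzed with the owner's permissions, and the
            # owner needs SELECT with GRANT on every table in the view.
            identity, needed = view_owner, {"SELECT", "GRANT_SELECT"}
        else:
            # No owner recorded: the user accessing the view must be able to read the data.
            identity, needed = session_user, {"SELECT"}
        missing = needed - privileges(rules, identity, schema, table)
        if missing:
            denials.append(f"{identity} lacks {sorted(missing)} on {schema}.{table}")
    return denials

# Constructed sample rules. "view_owner" is a hypothetical account that created the view.
ALL = ["SELECT", "INSERT", "DELETE", "OWNERSHIP", "GRANT_SELECT"]
RULES_BEFORE = [{"user": "hive", "schema": ".*", "table": ".*", "privileges": ALL}]
RULES_AFTER = [{"user": "view_owner", "schema": "public", "table": "cities_sg",
                "privileges": ["SELECT", "GRANT_SELECT"]}] + RULES_BEFORE
BASE_TABLES = [("public", "cities_sg")]  # table referenced by the view hive.public.cities

if __name__ == "__main__":
    # Direct query by the session user is covered by the hive rule.
    print("direct SELECT allowed:", "SELECT" in privileges(RULES_BEFORE, "hive", "public", "cities_sg"))
    # The view is analyzed as its owner, who matches no rule, so access is denied.
    print("view, before:", analyze_view(RULES_BEFORE, "hive", "view_owner", BASE_TABLES))
    # Granting the owner SELECT and GRANT_SELECT on the base table resolves it.
    print("view, after: ", analyze_view(RULES_AFTER, "hive", "view_owner", BASE_TABLES))
```
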

chengat1314 commented 7 years ago

Thank you very much!

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.