Allow SELECT * when using RBAC and Row level Filters

[volfco]

When running SELECT * FROM queryMetrics as a restricted user (Clickhouse 20.4.2.9) that has a limited SELECT GRANT, you get the following error:

Code: 497. DB::Exception: Received from 127.0.0.1:9000. DB::Exception: dyn_testing: Not enough privileges. To execute this query it's necessary to have the grant SELECT(Timestamp, Remote, QType, QName, Buffer, Cached, Datacenter, Server, IsTcp, DomainName, RecordName, DomainID) ON default.queryMetrics. 

I'm using the following GRANT statement:

GRANT SELECT(Cached, Timestamp, QType, QName, Datacenter, DomainName, RecordName, DomainID) ON default.queryMetrics ON CLUSTER metrics TO dyn_testing WITH GRANT OPTION;

What I would like to see, is that the wildcard doesn't return with an error, but selects everything the user has access to. The only time an error would occur is if the restricted user tries to query a column they don't have permissions for.

This way the user doesn't need to manually specify the fields, and the database doesn't leak the fact that the user is not seeing all the columns in the table.