RBAC: User is able to SELECT FROM VIEW without full source table privilege. #14149

MyroTk · 2020-08-26T23:35:12Z

Describe the bug
User is able to SELECT FROM VIEW that includes a JOIN statement only having select privilege on one of the source tables.

How to reproduce

ClickHouse server version 20.8.1 revision 54438.
CREATE TABLE statements for all tables involved

clicktest :) show create table table0

SHOW CREATE TABLE table0

┌─statement─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ CREATE TABLE default.table0
(
    `d` Date,
    `a` String,
    `b` UInt8,
    `x` String,
    `y` Int8
)
ENGINE = MergeTree()
ORDER BY d
SETTINGS index_granularity = 8192 │
└───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

1 rows in set. Elapsed: 0.007 sec.

clicktest :) show create table table1

SHOW CREATE TABLE table1

┌─statement─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ CREATE TABLE default.table1
(
    `d` Date,
    `a` String,
    `b` UInt8,
    `x` String,
    `y` Int8
)
ENGINE = MergeTree()
ORDER BY d
SETTINGS index_granularity = 8192 │
└───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

1 rows in set. Elapsed: 0.005 sec.

clicktest :) show create view0

SHOW CREATE TABLE view0

┌─statement──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ CREATE VIEW default.view0
(
    `d` Date,
    `a` String,
    `b` UInt8,
    `x` String,
    `y` Int8,
    `table1.a` String,
    `table1.b` UInt8,
    `table1.x` String,
    `table1.y` Int8
) AS
SELECT *
FROM default.table0
INNER JOIN default.table1 USING (d) │
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

1 rows in set. Elapsed: 0.005 sec.

Queries to run that lead to unexpected result

ClickHouse client version 20.8.1.4447 (official build).
Connecting to localhost:9000 as user user0.
Connected to ClickHouse server version 20.8.1 revision 54438.

clicktest :) select * from view0

SELECT *
FROM view0

Ok.

0 rows in set. Elapsed: 0.017 sec.

Expected behavior
User should be unable to select from a view without full select privelege.

The text was updated successfully, but these errors were encountered:

MyroTk · 2020-08-27T17:46:06Z

@vitlibar

MyroTk added the bug Confirmed user-visible misbehaviour in official release label Aug 26, 2020

filimonov added the comp-rbac Access control related label Aug 27, 2020

vitlibar self-assigned this Nov 24, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RBAC: User is able to SELECT FROM VIEW without full source table privilege. #14149

RBAC: User is able to SELECT FROM VIEW without full source table privilege. #14149

MyroTk commented Aug 26, 2020

MyroTk commented Aug 27, 2020

RBAC: User is able to SELECT FROM VIEW without full source table privilege. #14149

RBAC: User is able to SELECT FROM VIEW without full source table privilege. #14149

Comments

MyroTk commented Aug 26, 2020

MyroTk commented Aug 27, 2020