Cannot read from MV without SELECT privileges on Source table (SQL SECURITY) #64335

fm4v · 2024-05-24T00:31:10Z

If source table doesn't have SELECT privilege for DEFINER user, then any user can't read data from MV (not target).

Steps to reproduce:

pastila https://pastila.nl/?0071145c/d862152c9e1bea40efc7cee13e66352c#LG7ES2e24rNOGW0sBOGfsw== | clickhouse-client -n --echo

Result:

Code: 497. DB::Exception: Received from localhost:9000. DB::Exception: user_: Not enough privileges. To execute this query, it's necessary to have the grant SELECT(s) ON test.src. (ACCESS_DENIED)
(query: SELECT * FROM mv2; )

The text was updated successfully, but these errors were encountered:

pufit · 2024-05-27T05:41:25Z

This is probably not intended behavior, but still you shouldn't use a user without a SELECT grant on the source table as a definer because it will be impossible to insert into such MV.

fm4v added the potential bug To be reviewed by developers and confirmed/rejected. label May 24, 2024

alexey-milovidov added unexpected behaviour and removed potential bug To be reviewed by developers and confirmed/rejected. labels May 24, 2024

nikitamikhaylov assigned pufit May 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cannot read from MV without SELECT privileges on Source table (SQL SECURITY) #64335

Cannot read from MV without SELECT privileges on Source table (SQL SECURITY) #64335

fm4v commented May 24, 2024

pufit commented May 27, 2024

Cannot read from MV without SELECT privileges on Source table (SQL SECURITY) #64335

Cannot read from MV without SELECT privileges on Source table (SQL SECURITY) #64335

Comments

fm4v commented May 24, 2024

pufit commented May 27, 2024