Skip to content

RBAC - User with SELECT and CREATE TABLE on table1 can access table2 without SELECT on table2 using merge() #16964

Closed
#18104
#17983
Closed
RBAC - User with SELECT and CREATE TABLE on table1 can access table2 without SELECT on table2 using merge()#16964
#18104
#17983
Assignees
vitlibar
Labels
comp-rbacAuthorization: roles, grants, quotas, row-level security, access checks.unexpected behaviourResult is unexpected, but not entirely wrong at the same time.
@MyroTk

Description

@MyroTk
MyroTk
opened on Nov 13, 2020

Describe the unexpected behaviour
User with CREATE TABLE ON table1 and SELECT ON table1 is not able to execute SELECT * FROM table2 or CREATE TABLE table1 AS SELECT * FROM table2 because they need SELECT ON table2 , but they are able to execute CREATE TABLE table1 AS merge(default, 'table2') and SELECT * FROM table1 to see the contents of table2.

How to reproduce

  • ClickHouse server version 20.12.1 revision 54442
  • CREATE TABLE statements for all tables involved
CREATE TABLE table2 (x Int8) ENGINE = Memory
  • Queries to run that lead to unexpected result
clickhouse1 :) CREATE TABLE table1 AS merge(default,'table2')

CREATE TABLE table1 AS merge(default, 'table2')

Query id: 8f18f4be-3a6d-48f3-96df-005634a87296

Ok.

0 rows in set. Elapsed: 0.010 sec.

Metadata

Metadata

Assignees

Labels

comp-rbacAuthorization: roles, grants, quotas, row-level security, access checks.unexpected behaviourResult is unexpected, but not entirely wrong at the same time.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions