You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using Lake Formation, OpenSearch should limit the Spark SQL queries to only SELECT to limit the capability of users to escalate privilege beyond what Lake Formation actually grants the user.
This proposal includes 2 main pieces:
Define a more limited ANTLR grammar that restricts SQL grammar to only SELECT, COVERING INDEX, and MATERIALIZED VIEW
If Lake Formation is enabled, validate that SQL is restricted to that grammar.
The text was updated successfully, but these errors were encountered:
This change should be pretty similar to #2790, where a different grammar file needs to be used that scopes down SQL commands. The ANTLR generated lexer for that grammar should be used to validate the query and throw an exception if grammar that is not permitted is used.
When using Lake Formation, OpenSearch should limit the Spark SQL queries to only SELECT to limit the capability of users to escalate privilege beyond what Lake Formation actually grants the user.
This proposal includes 2 main pieces:
The text was updated successfully, but these errors were encountered: