hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Navis (JIRA)" <>
Subject [jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
Date Thu, 13 Feb 2014 05:01:21 GMT


Navis commented on HIVE-2818:

Some operation induces other operation. For example, import operation creates table if the
table is not exists. In this case, we cannot authorize the induces operation(create table:CREATE
for DATABASE) with original operation(import:ALTER_METADATA and ALTER_DATA for TABLE).

It's once checked in Driver (if operation == IMPORT than iterate tasks.. find CREATE.. authorize
for that, etc.). But I thought this is far easier than that.

Intended to add review board link when the test passed. Considering It's rebased from totally
different version, which is based on hive-0.11+200patches, you might understand my reluctancy.

> Create table should check privilege of target database, not default database
> ----------------------------------------------------------------------------
>                 Key: HIVE-2818
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Security
>    Affects Versions: 0.7.1
>            Reporter: Benyi Wang
>            Assignee: Navis
>         Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt, HIVE-2818.3.patch.txt,
HIVE-2818.4.patch.txt, HIVE-2818.5.patch.txt, HIVE-2818.6.patch.txt
> Hive seems check the current database to determine the privilege of a statement when
you use fully qualified name like 'database.table'
> {code}
> hive> set;
> hive> create database test_db;
> hive> grant all on database test_db to user test_user;
> hive> revoke all on database default from test_user;
> hive> use default;
> hive> create table test_db.new_table (id int);
> Authorization failed:No privilege 'Create' found for outputs { database:default}. Use
show grant to get more details.
> hive> use test_db;
> hive> create table test_db.new_table (id int);
> {code}

This message was sent by Atlassian JIRA

View raw message