hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Navis (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
Date Thu, 13 Feb 2014 05:01:21 GMT

    [ https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13900018#comment-13900018
] 

Navis commented on HIVE-2818:
-----------------------------

Some operation induces other operation. For example, import operation creates table if the
table is not exists. In this case, we cannot authorize the induces operation(create table:CREATE
for DATABASE) with original operation(import:ALTER_METADATA and ALTER_DATA for TABLE).

It's once checked in Driver (if operation == IMPORT than iterate tasks.. find CREATE.. authorize
for that, etc.). But I thought this is far easier than that.

Intended to add review board link when the test passed. Considering It's rebased from totally
different version, which is based on hive-0.11+200patches, you might understand my reluctancy.


> Create table should check privilege of target database, not default database
> ----------------------------------------------------------------------------
>
>                 Key: HIVE-2818
>                 URL: https://issues.apache.org/jira/browse/HIVE-2818
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Security
>    Affects Versions: 0.7.1
>            Reporter: Benyi Wang
>            Assignee: Navis
>         Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt, HIVE-2818.3.patch.txt,
HIVE-2818.4.patch.txt, HIVE-2818.5.patch.txt, HIVE-2818.6.patch.txt
>
>
> Hive seems check the current database to determine the privilege of a statement when
you use fully qualified name like 'database.table'
>  
> {code}
> hive> set hive.security.authorization.enabled=true;
> hive> create database test_db;
> hive> grant all on database test_db to user test_user;
> hive> revoke all on database default from test_user;
> hive> use default;
> hive> create table test_db.new_table (id int);
> Authorization failed:No privilege 'Create' found for outputs { database:default}. Use
show grant to get more details.
> hive> use test_db;
> hive> create table test_db.new_table (id int);
> {code}



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message