hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas Nair" <the...@hortonworks.com>
Subject Re: Review Request 23425: HIVE-7361: using authorization api for RESET, DFS, ADD, DELETE, COMPILE commands
Date Wed, 16 Jul 2014 22:09:00 GMT


> On July 16, 2014, 1:13 a.m., Jason Dere wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java,
line 315
> > <https://reviews.apache.org/r/23425/diff/2/?file=629671#file629671line315>
> >
> >     What does RESET do, just reset any config settings set via the SET command?
If SET is not currently being restricted, then maybe RESET should not either.

It also resets config setttings set using "-hiveconf" commandline parameter. But looks like
that happens only with hive cli and not HS2. So it would be safe to allow reset. 


> On July 16, 2014, 1:13 a.m., Jason Dere wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/processors/AddResourceProcessor.java, line
35
> > <https://reviews.apache.org/r/23425/diff/2/?file=629662#file629662line35>
> >
> >     Should DeleteResourceProcessor also be updated to use the auth check?

Good catch!


- Thejas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23425/#review47832
-----------------------------------------------------------


On July 14, 2014, 5:13 p.m., Thejas Nair wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23425/
> -----------------------------------------------------------
> 
> (Updated July 14, 2014, 5:13 p.m.)
> 
> 
> Review request for hive.
> 
> 
> Bugs: HIVE-7361
>     https://issues.apache.org/jira/browse/HIVE-7361
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> See jira HIVE-7361.
> 
> 
> Diffs
> -----
> 
>   itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcWithSQLAuthorization.java
abe5ffa 
>   itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
4474ce5 
>   itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java
PRE-CREATION 
>   itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
89e18b3 
>   ql/src/java/org/apache/hadoop/hive/ql/processors/AddResourceProcessor.java 0532666

>   ql/src/java/org/apache/hadoop/hive/ql/processors/CommandProcessorResponse.java f29a409

>   ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java PRE-CREATION 
>   ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java 8b8475b 
>   ql/src/java/org/apache/hadoop/hive/ql/processors/DfsProcessor.java d343a3c 
>   ql/src/java/org/apache/hadoop/hive/ql/processors/ResetProcessor.java b8ecfad 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java
0537b92 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
db57cb6 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/GrantPrivAuthUtils.java
f99109b 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java
151df6a 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
beb45f5 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
f2a4004 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
8937cfa 
>   ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveOperationType.java
b990cb2 
>   ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessController.java
06f9258 
>   ql/src/test/queries/clientnegative/authorization_compile.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_reset.q PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_addjar.q.out d206dca 
>   ql/src/test/results/clientnegative/authorization_addpartition.q.out 6331ae2 
>   ql/src/test/results/clientnegative/authorization_alter_db_owner.q.out 550cbcc 
>   ql/src/test/results/clientnegative/authorization_alter_db_owner_default.q.out 4df868e

>   ql/src/test/results/clientnegative/authorization_compile.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_create_func1.q.out 7c72092 
>   ql/src/test/results/clientnegative/authorization_create_func2.q.out 7c72092 
>   ql/src/test/results/clientnegative/authorization_create_macro1.q.out 7c72092 
>   ql/src/test/results/clientnegative/authorization_createview.q.out c86bdfa 
>   ql/src/test/results/clientnegative/authorization_ctas.q.out f8395b7 
>   ql/src/test/results/clientnegative/authorization_desc_table_nosel.q.out be56d34 
>   ql/src/test/results/clientnegative/authorization_dfs.q.out d685e78 
>   ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out 74ab4c8 
>   ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out bd7447f 
>   ql/src/test/results/clientnegative/authorization_droppartition.q.out 1da250a 
>   ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out 4aa7058

>   ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out f042c1e 
>   ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out a906a70

>   ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out 8de1104 
>   ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out 46ada3b

>   ql/src/test/results/clientnegative/authorization_insertoverwrite_nodel.q.out fa0f7f7

>   ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out 8a7f2d2

>   ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out
8a7f2d2 
>   ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out 4378b12 
>   ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out 80378ac

>   ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out a62b7b3

>   ql/src/test/results/clientnegative/authorization_reset.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_rolehierarchy_privs.q.out 9f99d6f

>   ql/src/test/results/clientnegative/authorization_select.q.out f8395b7 
>   ql/src/test/results/clientnegative/authorization_select_view.q.out f253870 
>   ql/src/test/results/clientnegative/authorization_show_parts_nosel.q.out bd502d1 
>   ql/src/test/results/clientnegative/authorization_truncate.q.out 4d51bc4 
>   ql/src/test/results/clientnegative/authorize_create_tbl.q.out ec75b1d 
>   ql/src/test/results/clientnegative/temp_table_authorize_create_tbl.q.out ec75b1d 
> 
> Diff: https://reviews.apache.org/r/23425/diff/
> 
> 
> Testing
> -------
> 
> New tests included.
> 
> 
> Thanks,
> 
> Thejas Nair
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message