hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashu Pachauri (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-6250) sql std auth - view authorization should not underlying table. More tests and fixes.
Date Tue, 26 Aug 2014 21:54:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-6250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14111402#comment-14111402
] 

Ashu Pachauri commented on HIVE-6250:
-------------------------------------

[~thejas] I looked into the problem. The problem occurs when you use Default Hive Authorization
instead of sql standard authorization. Since, this change separates owner grants from user
grants and default authorization does not take care of this separation, the problem occurs.
Is this the expected behavior with default authorization?   If not, I can create a new jira
with a possible fix that I tried with our deployment which seems to be working fine.

> sql std auth - view authorization should not underlying table. More tests and fixes.
> ------------------------------------------------------------------------------------
>
>                 Key: HIVE-6250
>                 URL: https://issues.apache.org/jira/browse/HIVE-6250
>             Project: Hive
>          Issue Type: Sub-task
>          Components: Authorization
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>             Fix For: 0.13.0
>
>         Attachments: HIVE-6250.1.patch, HIVE-6250.2.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> This patch adds more tests for table and view authorization and also fixes a number of
issues found during testing -
> - View authorization should happen on only on the view, and not the underlying table
(Change in ReadEntity to indicate if it is a direct/indirect dependency)
> - table owner in metadata should be the user as per SessionState authentication provider
> - added utility function for finding the session state authentication provider user
> - authorization should be based on current roles
> - admin user should have all permissions
> - error message improvements



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message