hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan Gates" <ga...@hortonworks.com>
Subject Re: Review Request 25616: HIVE-7790 Update privileges to check for update and delete
Date Sun, 14 Sep 2014 21:34:41 GMT


> On Sept. 14, 2014, 7:13 a.m., Thejas Nair wrote:
> > itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java,
line 272
> > <https://reviews.apache.org/r/25616/diff/1/?file=688987#file688987line272>
> >
> >     It would be good to also verify the input columns being passed here.

But I don't put the input columns in the list.  You don't need read permissions to update,
so I'm not adding these to a list to be checked.


> On Sept. 14, 2014, 7:13 a.m., Thejas Nair wrote:
> > itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java,
line 273
> > <https://reviews.apache.org/r/25616/diff/1/?file=688987#file688987line273>
> >
> >     A similar test for delete would also be useful, specially for testing the input
columns being passed.

Same as above on update, I'm not checking read permissions, so there's no list of input columns.


> On Sept. 14, 2014, 7:13 a.m., Thejas Nair wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/Driver.java, line 506
> > <https://reviews.apache.org/r/25616/diff/1/?file=688988#file688988line506>
> >
> >     Can you also change the variable name of tab2cols to indicate that it is the
table to input column mapping (since we have updateTab2Cols) ? maybe selectTab2Cols or inputTab2Cols

Changed to selectTab2Cols


- Alan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25616/#review53277
-----------------------------------------------------------


On Sept. 14, 2014, 4:30 a.m., Alan Gates wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25616/
> -----------------------------------------------------------
> 
> (Updated Sept. 14, 2014, 4:30 a.m.)
> 
> 
> Review request for hive and Thejas Nair.
> 
> 
> Bugs: HIVE-7790
>     https://issues.apache.org/jira/browse/HIVE-7790
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> Adds update and delete as action and adds checks for authorization during update and
delete. Also adds passing of updated columns in case authorizer wishes to check them.
> 
> 
> Diffs
> -----
> 
>   itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
53d88b0 
>   ql/src/java/org/apache/hadoop/hive/ql/Driver.java 298f429 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java b2f66e0 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/UpdateDeleteSemanticAnalyzer.java 3aaa09c

>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
93df9f4 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
093b4fd 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java
3236341 
>   ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q PRE-CREATION

>   ql/src/test/queries/clientpositive/authorization_delete.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_delete_own_table.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_update.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_update_own_table.q PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_delete_nodeletepriv.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_update_noupdatepriv.q.out PRE-CREATION

>   ql/src/test/results/clientpositive/authorization_delete.q.out PRE-CREATION 
>   ql/src/test/results/clientpositive/authorization_delete_own_table.q.out PRE-CREATION

>   ql/src/test/results/clientpositive/authorization_update.q.out PRE-CREATION 
>   ql/src/test/results/clientpositive/authorization_update_own_table.q.out PRE-CREATION

> 
> Diff: https://reviews.apache.org/r/25616/diff/
> 
> 
> Testing
> -------
> 
> Added tests, both positive and negative, for update and delete, including ability to
update and delete tables created by user.  Also added tests for passing correct update columns.
> 
> 
> Thanks,
> 
> Alan Gates
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message