hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas Nair" <the...@hortonworks.com>
Subject Re: Review Request 25616: HIVE-7790 Update privileges to check for update and delete
Date Mon, 15 Sep 2014 07:24:53 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25616/#review53316
-----------------------------------------------------------



itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
<https://reviews.apache.org/r/25616/#comment92956>

    Wouldn't select permissions for using column j in where clause be needed ?
    In most databases, you get to know the number of rows getting updated. Using that information,
with the query in the test, you could find number of columns where "j = 3".
    I haven't verified what SQL spec says about this (privileges needed for including columns
in where clause in update statement.) Postgres says it is needed :
    http://www.postgresql.org/docs/9.2/static/sql-update.html
    "You must have the UPDATE privilege on the table, or at least on the column(s) that are
listed to be updated. You must also have the SELECT privilege on any column whose values are
read in the expressions or condition."


- Thejas Nair


On Sept. 14, 2014, 4:30 a.m., Alan Gates wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25616/
> -----------------------------------------------------------
> 
> (Updated Sept. 14, 2014, 4:30 a.m.)
> 
> 
> Review request for hive and Thejas Nair.
> 
> 
> Bugs: HIVE-7790
>     https://issues.apache.org/jira/browse/HIVE-7790
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> Adds update and delete as action and adds checks for authorization during update and
delete. Also adds passing of updated columns in case authorizer wishes to check them.
> 
> 
> Diffs
> -----
> 
>   itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
53d88b0 
>   ql/src/java/org/apache/hadoop/hive/ql/Driver.java 298f429 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java b2f66e0 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/UpdateDeleteSemanticAnalyzer.java 3aaa09c

>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
93df9f4 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
093b4fd 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java
3236341 
>   ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q PRE-CREATION

>   ql/src/test/queries/clientpositive/authorization_delete.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_delete_own_table.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_update.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_update_own_table.q PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_delete_nodeletepriv.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_update_noupdatepriv.q.out PRE-CREATION

>   ql/src/test/results/clientpositive/authorization_delete.q.out PRE-CREATION 
>   ql/src/test/results/clientpositive/authorization_delete_own_table.q.out PRE-CREATION

>   ql/src/test/results/clientpositive/authorization_update.q.out PRE-CREATION 
>   ql/src/test/results/clientpositive/authorization_update_own_table.q.out PRE-CREATION

> 
> Diff: https://reviews.apache.org/r/25616/diff/
> 
> 
> Testing
> -------
> 
> Added tests, both positive and negative, for update and delete, including ability to
update and delete tables created by user.  Also added tests for passing correct update columns.
> 
> 
> Thanks,
> 
> Alan Gates
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message