hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lefty Leverenz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-5961) Add explain authorize for checking privileges
Date Tue, 11 Nov 2014 22:34:34 GMT

    [ https://issues.apache.org/jira/browse/HIVE-5961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207216#comment-14207216
] 

Lefty Leverenz commented on HIVE-5961:
--------------------------------------

Doc note:  This should be documented in the EXPLAIN wikidoc (with version information).  The
authorization docs should also mention it, perhaps with examples, and link to the EXPLAIN
syntax.

Question:  Does this work for all three types of authorization?

* [LanguageManual -- Explain | https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Explain]
* [LanguageManual -- Authorization | https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization]
** [Storage Based Authorization | https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server]
** [SQL Standard Based Authorization | https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization]
** [Default Authorization -- Legacy Mode | https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode]

> Add explain authorize for checking privileges
> ---------------------------------------------
>
>                 Key: HIVE-5961
>                 URL: https://issues.apache.org/jira/browse/HIVE-5961
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authorization
>            Reporter: Navis
>            Assignee: Navis
>            Priority: Trivial
>              Labels: TODOC14
>             Fix For: 0.14.0
>
>         Attachments: HIVE-5961.1.patch.txt, HIVE-5961.2.patch.txt, HIVE-5961.3.patch.txt,
HIVE-5961.4.patch.txt, HIVE-5961.5.patch.txt, HIVE-5961.6.patch.txt
>
>
> For easy checking of need privileges for a query, 
> {noformat}
> explain authorize select * from src join srcpart
> INPUTS: 
>   default@srcpart
>   default@srcpart@ds=2008-04-08/hr=11
>   default@srcpart@ds=2008-04-08/hr=12
>   default@srcpart@ds=2008-04-09/hr=11
>   default@srcpart@ds=2008-04-09/hr=12
>   default@src
> OUTPUTS: 
>   file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
> CURRENT_USER: 
>   hive_test_user
> OPERATION: 
>   QUERY
> AUTHORIZATION_FAILURES: 
>   No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
>   No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
>   No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> {noformat}
> Hopefully good for debugging of authorization, which is in progress on HIVE-5837.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message