hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Olaf Flebbe (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
Date Thu, 12 Mar 2015 10:27:38 GMT
Olaf Flebbe created HIVE-9941:
---------------------------------

             Summary: sql std authorization on partitioned table: truncate and insert
                 Key: HIVE-9941
                 URL: https://issues.apache.org/jira/browse/HIVE-9941
             Project: Hive
          Issue Type: Bug
          Components: Authorization
    Affects Versions: 0.14.0
            Reporter: Olaf Flebbe


sql std authorization works as expected.

However if a table is partitioned any user can truncate it
User foo:
{code}
create table bla (a string) partitioned by (b string);
#.. loading values ...
{code}

Admin:
{code}
0: jdbc:hive2://localhost:10000/default> set role admin;
No rows affected (0,074 seconds)
0: jdbc:hive2://localhost:10000/default> show grant on bla;
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
| database  | table  | partition  | column  | principal_name  | principal_type  | privilege
 | grant_option  |   grant_time   | grantor  |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
| default   | bla    |            |         | foo             | USER            | DELETE 
   | true          | 1426158997000  | foo      |
| default   | bla    |            |         | foo             | USER            | INSERT 
   | true          | 1426158997000  | foo      |
| default   | bla    |            |         | foo             | USER            | SELECT 
   | true          | 1426158997000  | foo      |
| default   | bla    |            |         | foo             | USER            | UPDATE 
   | true          | 1426158997000  | foo      |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
{code}

now user olaf
{code}
0: jdbc:hive2://localhost:10000/default> select * from bla;
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied:
Principal [name=olaf, type=USER] does not have following privileges for operation QUERY [[SELECT]
on Object [type=TABLE_OR_VIEW, name=default.bla]] (state=42000,code=40000)
{code}

_BUT_
{code}
0: jdbc:hive2://localhost:10000/default> truncate table bla;
No rows affected (0,18 seconds)
{code}

And table is empty afterwards.


Similarily: {{insert into table}} works, too.





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message