hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vineet Garg <vg...@hortonworks.com>
Subject Re: Review Request 43834: Support view column authorization
Date Wed, 17 May 2017 23:08:58 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43834/#review175326
-----------------------------------------------------------




ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/rules/HiveRelFieldTrimmer.java
Lines 390 (patched)
<https://reviews.apache.org/r/43834/#comment248778>

    Hi Pengcheng,
    
    I know this is pretty old change but I would like to know few things about this change
(as I am running into issues while trying to fix HIVE-16689)
    
    1) If I understand this project here corresponds to view and we are trying to populate
column access for this view from corresponding table. What is the reason columnAccessInfo
is restricted to columns which are being used i.e. only if fieldsUsed.get(ord.id) is true.
Is there any side effect of adding all columns from tab? 
    2) What is the reason columnAccessInfo is populated here? instead of for example durin
genLogicalPlan?
    
    RelTrimmer expects its plan to not have subquery (this could be bug or expected behavior
I am not sure about) so we need to call remove subquery before calling RelTrimmer. But calling
remove subquery before RelTrimmer changes the plan and makes 'Project' cached in viewProjectToTableSchema
invalid. As a result columnAccessInfo is not populated and view authorization breaks. That
is why I am trying to figure out why is it necessary to populate columnAccess.
    Note that we do not even use the plan after RelTrimmer's column pruning. We discard it
and only use columnAccessInfo.
    
    Your help will be much appreciated.
    
    -Vineet


- Vineet Garg


On Feb. 24, 2016, 7:44 a.m., pengcheng xiong wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43834/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2016, 7:44 a.m.)
> 
> 
> Review request for hive and Ashutosh Chauhan.
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> HIVE-13095
> 
> 
> Diffs
> -----
> 
>   ql/src/java/org/apache/hadoop/hive/ql/Driver.java 10bd97b 
>   ql/src/java/org/apache/hadoop/hive/ql/optimizer/ColumnPruner.java c353e3e 
>   ql/src/java/org/apache/hadoop/hive/ql/optimizer/ColumnPrunerProcFactory.java 78bce23

>   ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/rules/HiveRelFieldTrimmer.java
18145ae 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java 809affb 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/ParseContext.java 642c227 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/QB.java f04b493 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java 8a06582 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/TaskCompiler.java fc555ca 
>   ql/src/test/queries/clientnegative/authorization_view_1.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_view_2.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_view_3.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_view_4.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_view_disable_cbo_1.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_view_disable_cbo_2.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_view_disable_cbo_3.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_view_disable_cbo_4.q PRE-CREATION

>   ql/src/test/queries/clientpositive/authorization_view_1.q PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_view_disable_cbo_1.q PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_view_1.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_view_2.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_view_3.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_view_4.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_view_disable_cbo_1.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_view_disable_cbo_2.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_view_disable_cbo_3.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_view_disable_cbo_4.q.out PRE-CREATION

>   ql/src/test/results/clientpositive/authorization_view_1.q.out PRE-CREATION 
>   ql/src/test/results/clientpositive/authorization_view_disable_cbo_1.q.out PRE-CREATION

> 
> 
> Diff: https://reviews.apache.org/r/43834/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> pengcheng xiong
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message