hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-11179) HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers
Date Wed, 09 Dec 2015 02:30:11 GMT

    [ https://issues.apache.org/jira/browse/HIVE-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15047897#comment-15047897
] 

Thejas M Nair commented on HIVE-11179:
--------------------------------------

[~Ferd] branch-1.2 is a maintenance branch, we should not be making any api changes there.
Only bug fixes are supposed to go there. Also, it is customary to consult with the release
manager of that line before making changes in that line. Can you please roll back the api
change from branch-1.2 ?

cc [~sushanth]


> HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for
different authorizers
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-11179
>                 URL: https://issues.apache.org/jira/browse/HIVE-11179
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Dapeng Sun
>            Assignee: Dapeng Sun
>              Labels: Authorization
>             Fix For: 1.3.0, 1.2.1, 2.0.0
>
>         Attachments: HIVE-11179.001.patch, HIVE-11179.001.patch
>
>
> HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for
different authorizers:
> There is a case in Apache Sentry: Sentry support uri and server level privilege, but
in hive side, it uses {{AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc)}} to do
the converting, and the code in {{getHivePrivilegeObject()}} only handle the scenes for table
and database 
> {noformat}
> privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW :
>         HivePrivilegeObjectType.DATABASE;
> {noformat}
> A solution is move this method to {{HiveAuthorizer}}, so that a custom Authorizer could
enhance it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message