Return-Path: X-Original-To: apmail-hive-issues-archive@minotaur.apache.org Delivered-To: apmail-hive-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 64B15187EC for ; Wed, 9 Dec 2015 02:30:16 +0000 (UTC) Received: (qmail 98139 invoked by uid 500); 9 Dec 2015 02:30:11 -0000 Delivered-To: apmail-hive-issues-archive@hive.apache.org Received: (qmail 98095 invoked by uid 500); 9 Dec 2015 02:30:11 -0000 Mailing-List: contact issues-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list issues@hive.apache.org Received: (qmail 98075 invoked by uid 99); 9 Dec 2015 02:30:11 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Dec 2015 02:30:11 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 01DF72C1F5C for ; Wed, 9 Dec 2015 02:30:11 +0000 (UTC) Date: Wed, 9 Dec 2015 02:30:11 +0000 (UTC) From: "Thejas M Nair (JIRA)" To: issues@hive.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-11179) HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15047897#comment-15047897 ] Thejas M Nair commented on HIVE-11179: -------------------------------------- [~Ferd] branch-1.2 is a maintenance branch, we should not be making any api changes there. Only bug fixes are supposed to go there. Also, it is customary to consult with the release manager of that line before making changes in that line. Can you please roll back the api change from branch-1.2 ? cc [~sushanth] > HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers > ------------------------------------------------------------------------------------------------------------- > > Key: HIVE-11179 > URL: https://issues.apache.org/jira/browse/HIVE-11179 > Project: Hive > Issue Type: Improvement > Reporter: Dapeng Sun > Assignee: Dapeng Sun > Labels: Authorization > Fix For: 1.3.0, 1.2.1, 2.0.0 > > Attachments: HIVE-11179.001.patch, HIVE-11179.001.patch > > > HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers: > There is a case in Apache Sentry: Sentry support uri and server level privilege, but in hive side, it uses {{AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc)}} to do the converting, and the code in {{getHivePrivilegeObject()}} only handle the scenes for table and database > {noformat} > privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW : > HivePrivilegeObjectType.DATABASE; > {noformat} > A solution is move this method to {{HiveAuthorizer}}, so that a custom Authorizer could enhance it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)