hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesus Camacho Rodriguez (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
Date Wed, 25 May 2016 11:57:12 GMT

    [ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15299938#comment-15299938
] 

Jesus Camacho Rodriguez commented on HIVE-9941:
-----------------------------------------------

[~sushanth], ready to go into 2.1.0? Thanks

> sql std authorization on partitioned table: truncate and insert
> ---------------------------------------------------------------
>
>                 Key: HIVE-9941
>                 URL: https://issues.apache.org/jira/browse/HIVE-9941
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>    Affects Versions: 1.0.0, 1.2.0
>            Reporter: Olaf Flebbe
>            Assignee: Sushanth Sowmyan
>         Attachments: HIVE-9941.patch
>
>
> sql std authorization works as expected.
> However if a table is partitioned any user can truncate it
> User foo:
> {code}
> create table bla (a string) partitioned by (b string);
> #.. loading values ...
> {code}
> Admin:
> {code}
> 0: jdbc:hive2://localhost:10000/default> set role admin;
> No rows affected (0,074 seconds)
> 0: jdbc:hive2://localhost:10000/default> show grant on bla;
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
> | database  | table  | partition  | column  | principal_name  | principal_type  | privilege
 | grant_option  |   grant_time   | grantor  |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
> | default   | bla    |            |         | foo             | USER            | DELETE
    | true          | 1426158997000  | foo      |
> | default   | bla    |            |         | foo             | USER            | INSERT
    | true          | 1426158997000  | foo      |
> | default   | bla    |            |         | foo             | USER            | SELECT
    | true          | 1426158997000  | foo      |
> | default   | bla    |            |         | foo             | USER            | UPDATE
    | true          | 1426158997000  | foo      |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
> {code}
> now user olaf
> {code}
> 0: jdbc:hive2://localhost:10000/default> select * from bla;
> Error: Error while compiling statement: FAILED: HiveAccessControlException Permission
denied: Principal [name=olaf, type=USER] does not have following privileges for operation
QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.bla]] (state=42000,code=40000)
> {code}
> works as expected.
> _BUT_
> {code}
> 0: jdbc:hive2://localhost:10000/default> truncate table bla;
> No rows affected (0,18 seconds)
> {code}
> _And table is empty afterwards_.
> Similarily: {{insert into table}} works, too.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message