hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yongzhi Chen (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HIVE-13991) Union All on view fail with no valid permission on underneath table
Date Thu, 23 Jun 2016 15:10:17 GMT

    [ https://issues.apache.org/jira/browse/HIVE-13991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346513#comment-15346513
] 

Yongzhi Chen edited comment on HIVE-13991 at 6/23/16 3:09 PM:
--------------------------------------------------------------

[~aihuaxu], how about the review? Thanks
>From following analyzeInternal code, there are many step in the analyze:
First step is generate resolved parse tree, second step is Generate Op tree...
{noformat}
void analyzeInternal(ASTNode ast, PlannerContext plannerCtx) throws SemanticException {
    // 1. Generate Resolved Parse tree from syntax tree
    LOG.info("Starting Semantic Analysis");
    if (!genResolvedParseTree(ast, plannerCtx)) {
      return;
    }

    // 2. Gen OP Tree from resolved Parse Tree
    Operator sinkOp = genOPTree(ast, plannerCtx);

    // 3. Deduce Resultset Schema
    if (createVwDesc != null) {
      resultSchema = convertRowSchemaToViewSchema(opParseCtx.get(sinkOp).getRowResolver());
    } else {
{noformat}
Only ReadEntities generated during genResolvedParseTree are directly related to the query
and should be used by sentry to check permissions. And ,in this step, the ReadEntity without
parents should be treated as ReadEntity with direct reference to table and should be merged
with ReadEntity with same name. ReadEntity generated in other steps is for intermediate node
and partially calculated without view's information, so these ReadEntity should not be merged
if isDirect is true if without parents. mergeIsDirect is used to tell first step from other
steps.


was (Author: ychena):
[~aihuaxu], how about the review? Thanks

> Union All on view fail with no valid permission on underneath table
> -------------------------------------------------------------------
>
>                 Key: HIVE-13991
>                 URL: https://issues.apache.org/jira/browse/HIVE-13991
>             Project: Hive
>          Issue Type: Bug
>          Components: Query Planning
>            Reporter: Yongzhi Chen
>            Assignee: Yongzhi Chen
>         Attachments: HIVE-13991.1.patch, HIVE-13991.2.patch
>
>
> When sentry is enabled. 
> create view V as select * from T;
> When the user has read permission on view V, but does not have read permission on table
T,
> select * from V union all select * from V 
> failed with:
> {noformat}
> 0: jdbc:hive2://********> select * from s07view union all select * from s07view limit
1;
> Error: Error while compiling statement: FAILED: SemanticException No valid privileges
>  Required privileges for this query: Server=server1->Db=default->Table=sample_07->action=select;
(state=42000,code=40000)
> {noformat} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message