hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hive QA (JIRA)" <>
Subject [jira] [Commented] (HIVE-15120) Storage based auth: allow option to enforce write checks for external tables
Date Tue, 08 Nov 2016 00:10:58 GMT


Hive QA commented on HIVE-15120:

Here are the results of testing the latest attachment:

{color:green}SUCCESS:{color} +1 due to 2 test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 5 failed/errored test(s), 10628 tests executed
*Failed tests:*
org.apache.hadoop.hive.cli.TestMiniLlapLocalCliDriver.testCliDriver[join_acid_non_acid] (batchId=150)
org.apache.hadoop.hive.cli.TestMiniLlapLocalCliDriver.testCliDriver[union_fast_stats] (batchId=145)
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver[explainanalyze_4] (batchId=91)
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver[explainanalyze_5] (batchId=90)

Test results:
Console output:
Test logs:

Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 5 tests failed

This message is automatically generated.

ATTACHMENT ID: 12837842 - PreCommit-HIVE-Build

> Storage based auth: allow option to enforce write checks for external tables
> ----------------------------------------------------------------------------
>                 Key: HIVE-15120
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Thejas M Nair
>            Assignee: Daniel Dai
>         Attachments: HIVE-15120.1.patch, HIVE-15120.2.patch
> Under storage based authorization, we don't require write permissions on table directory
for external table create/drop.
> This is because external table contents are populated often from outside of hive and
are not written into from hive. So write access is not needed. Also, we can't require write
permissions to drop a table if we don't require them for creation (users who created them
should be able to drop them).
> However, this difference in behavior of external tables is not well documented. So users
get surprised to learn that drop table can be done by just any user who has read access to
the directory. At that point changing the large number of scripts that use external tables
is hard. 
> It would be good to have a user config option to have external tables to be treated same
as managed tables.
> The option should be off by default, so that the behavior is backward compatible by default.

This message was sent by Atlassian JIRA

View raw message