hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Na Li (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-17544) Provide all required info for Authorization
Date Fri, 29 Sep 2017 19:47:03 GMT

     [ https://issues.apache.org/jira/browse/HIVE-17544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Na Li updated HIVE-17544:
-------------------------
    Description: 
Right now, for authorization 2, the HiveAuthorizationValidator.checkPrivileges(HiveOperationType
var1, List<HivePrivilegeObject> var2, List<HivePrivilegeObject> var3, HiveAuthzContext
var4) does not contain the parsed sql command string as input. Therefore, Sentry has to parse
the command again.

The API should be changed to include all required information as input, so Sentry does not
need to parse the sql command string again.

known situations:
1) when dropping a database which does not exist, hive should not call sentry or it calls
sentry with database name as input

2) when creating function, hive should provide UDF class name as input.

  was:
Right now, for authorization 2, the HiveAuthorizationValidator.checkPrivileges(HiveOperationType
var1, List<HivePrivilegeObject> var2, List<HivePrivilegeObject> var3, HiveAuthzContext
var4) does not contain the parsed sql command string as input. Therefore, Sentry has to parse
the command again.

The API should be changed to include all required information as input, so Sentry does not
need to parse the sql command string again.


> Provide all required info for Authorization
> -------------------------------------------
>
>                 Key: HIVE-17544
>                 URL: https://issues.apache.org/jira/browse/HIVE-17544
>             Project: Hive
>          Issue Type: Task
>          Components: Authorization
>    Affects Versions: 2.1.1
>            Reporter: Na Li
>            Assignee: Aihua Xu
>            Priority: Critical
>
> Right now, for authorization 2, the HiveAuthorizationValidator.checkPrivileges(HiveOperationType
var1, List<HivePrivilegeObject> var2, List<HivePrivilegeObject> var3, HiveAuthzContext
var4) does not contain the parsed sql command string as input. Therefore, Sentry has to parse
the command again.
> The API should be changed to include all required information as input, so Sentry does
not need to parse the sql command string again.
> known situations:
> 1) when dropping a database which does not exist, hive should not call sentry or it calls
sentry with database name as input
> 2) when creating function, hive should provide UDF class name as input.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message