This is an automated email from the ASF dual-hosted git repository.
szita pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new aa0647e8df3 HIVE-25444: Make tables based on storage handlers
authorization (HIVE-24705) configurable (#3290) (originally contributed by Sai
Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary)
aa0647e8df3 is described below
commit aa0647e8df330c00d14475b68ce4201d96c06b84
Author: Adam Szita <[email protected]>
AuthorDate: Tue May 17 15:19:05 2022 +0200
HIVE-25444: Make tables based on storage handlers authorization
(HIVE-24705) configurable (#3290) (originally contributed by Sai Hemanth
Gantasala, committed by Adam Szita, reviewed by Peter Vary)
---
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java | 3 +++
.../hive/ql/security/authorization/command/CommandAuthorizerV2.java | 3 ++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index caf223dd91b..a14872995b5 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3568,6 +3568,9 @@ public class HiveConf extends Configuration {
HIVE_AUTHORIZATION_TASK_FACTORY("hive.security.authorization.task.factory",
"org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl",
"Authorization DDL task factory implementation"),
+
HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS("hive.security.authorization.tables.on.storagehandlers",
true,
+ "Enables authorization on tables with custom storage handlers as
implemented by HIVE-24705. " +
+ "Default setting is true. Useful for turning the feature off if the
corresponding ranger patch is missing."),
// if this is not set default value is set during config initialization
// Default value can't be set in this constructor as it would refer names
in other ConfVars
diff --git
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
index 191b27471f4..114d9b3186a 100644
---
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
+++
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
@@ -178,7 +178,8 @@ final class CommandAuthorizerV2 {
tableName2Cols.get(Table.getCompleteName(table.getDbName(),
table.getTableName()));
hivePrivObject = new HivePrivilegeObject(privObjType, table.getDbName(),
table.getTableName(),
null, columns, actionType, null, null, table.getOwner(),
table.getOwnerType());
- if (table.getStorageHandler() != null) {
+ if (table.getStorageHandler() != null &&
HiveConf.getBoolVar(SessionState.getSessionConf(),
+ HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS)) {
//TODO: add hive privilege object for storage based handlers for
create and alter table commands.
if (hiveOpType == HiveOperationType.CREATETABLE ||
hiveOpType == HiveOperationType.ALTERTABLE_PROPERTIES ||
