This is an automated email from the ASF dual-hosted git repository.

dengzh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 4554364b94e HIVE-28898: Include table ownership details in 
getTableMetas() for RangerHiveAuthorizer (#5770)
4554364b94e is described below

commit 4554364b94e60f10d3e4e723c8016ed3148b9198
Author: Hazel Jiang <[email protected]>
AuthorDate: Fri Apr 25 02:38:40 2025 -0700

    HIVE-28898: Include table ownership details in getTableMetas() for 
RangerHiveAuthorizer (#5770)
---
 .../plugin/metastore/HiveMetaStoreAuthorizer.java  |   4 +-
 .../filtercontext/TableFilterContext.java          |  47 +++--
 .../metastore/TestHiveMetaStoreAuthorizer.java     | 213 ++++++++++++++-------
 .../apache/hadoop/hive/metastore/HMSHandler.java   |  11 +-
 .../hadoop/hive/metastore/TestFilterHooks.java     |   3 +
 5 files changed, 187 insertions(+), 91 deletions(-)

diff --git 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
index 25eb646e8b3..6518fdea51a 100644
--- 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
+++ 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
@@ -230,9 +230,9 @@ public List<TableMeta> filterTableMetas(String catName, 
String dbName, List<Tabl
         }
         tableNames.add(tableMeta.getTableName());
       });
-      TableFilterContext     tableFilterContext     = new 
TableFilterContext(dbName, tableNames);
+      TableFilterContext tableFilterContext = 
TableFilterContext.createFromTableMetas(dbName, tableMetas);
       HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo = 
tableFilterContext.getAuthzContext();
-      final List<String>  filteredTableNames = 
filterTableNames(hiveMetaStoreAuthzInfo, dbName, tableNames);
+      final List<String> filteredTableNames = 
filterTableNames(hiveMetaStoreAuthzInfo, dbName, tableNames);
       if (!CollectionUtils.isEmpty(filteredTableNames)) {
         Set<String> filteredTabs = new HashSet<>(filteredTableNames);
         LOG.debug("<== HiveMetaStoreAuthorizer.filterTableMetas() : {}", 
filteredTabs);
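Review bot: After this change the authorization context is built from `tableMetas`, but the list handed to `filterTableNames(...)` is still the separately collected `tableNames`, so the two inputs can drift apart. The loop that fills `tableNames` starts above this hunk and appears to have a conditional; if it ever skips or rejects an entry, the privilege objects and the name list would no longer describe the same set. A one-line comment would record the intent, e.g. `// Build the context from TableMeta so owner name/type reach the authorizer for owner-based policies`. It would also be worth stating there that both lists must cover the same tables.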
diff --git 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/TableFilterContext.java
 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/TableFilterContext.java
index a89e60e4a45..58dd51c75fc 100644
--- 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/TableFilterContext.java
+++ 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/TableFilterContext.java
@@ -20,22 +20,23 @@
 
 package 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.hadoop.hive.metastore.api.TableMeta;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
 public class TableFilterContext extends HiveMetaStoreAuthorizableEvent {
-  private static final Logger LOG = 
LoggerFactory.getLogger(DatabaseFilterContext.class);
+  private static final Logger LOG = 
LoggerFactory.getLogger(TableFilterContext.class);
 
   List<Table> tables = null;
   List<String> tableNames = null;
@@ -53,9 +54,29 @@ public TableFilterContext(String dbName, List<String> 
tableNames) {
     this.tableNames = tableNames;
   }
 
-  @Override public HiveMetaStoreAuthzInfo getAuthzContext() {
-    HiveMetaStoreAuthzInfo ret =
-        new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.QUERY, 
getInputHObjs(), getOutputHObjs(), null);
+  public static TableFilterContext createFromTableMetas(String dbName, 
List<TableMeta> tableMetas) {
+    List<Table> tables = new ArrayList<>();
+
+    for (TableMeta tableMeta : tableMetas) {
+      Table table = new Table();
+      table.setCatName(tableMeta.getCatName());
+      table.setDbName(dbName);
+      table.setTableName(tableMeta.getTableName());
+      if (tableMeta.isSetOwnerName()) {
+        table.setOwner(tableMeta.getOwnerName());
+      }
+      if (tableMeta.isSetOwnerType()) {
+        table.setOwnerType(tableMeta.getOwnerType());
+      }
+      tables.add(table);
+    }
+
+    return new TableFilterContext(tables);
+  }
+
+  @Override
+  public HiveMetaStoreAuthzInfo getAuthzContext() {
+    HiveMetaStoreAuthzInfo ret = new HiveMetaStoreAuthzInfo(preEventContext, 
HiveOperationType.QUERY, getInputHObjs(), getOutputHObjs(), null);
     return ret;
   }
 
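Review bot: `createFromTableMetas` stamps the caller's `dbName` on every entry with `table.setDbName(dbName)` and never reads `tableMeta.getDbName()`, so a meta from a different database would be authorized under the wrong database name. Either check it in the loop, e.g. `if (!dbName.equalsIgnoreCase(tableMeta.getDbName())) { throw new IllegalArgumentException(...); }`, or state the single-database precondition in a Javadoc on the method. The method also dereferences `tableMetas` without a null check, and it has no Javadoc. That Javadoc should say that owner name and type are copied only when set, which leaves an ownerless `Table`, and presumably an ownerless privilege object, for older metadata.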
@@ -66,18 +87,14 @@ private List<HivePrivilegeObject> getInputHObjs() {
 
     if (tables != null) {
       for (Table table : tables) {
-        HivePrivilegeObjectType type = HivePrivilegeObjectType.TABLE_OR_VIEW;
-        HivePrivObjectActionType objectActionType = 
HivePrivilegeObject.HivePrivObjectActionType.OTHER;
-        HivePrivilegeObject hivePrivilegeObject =
-            new HivePrivilegeObject(type, table.getDbName(), 
table.getTableName(), null, null, objectActionType, null, null, 
table.getOwner(), table.getOwnerType());
-        ret.add(hivePrivilegeObject);
+        ret.add(getHivePrivilegeObject(table));
       }
     } else {
       for (String tableName : tableNames) {
         HivePrivilegeObjectType type = HivePrivilegeObjectType.TABLE_OR_VIEW;
-        HivePrivObjectActionType objectActionType = 
HivePrivilegeObject.HivePrivObjectActionType.OTHER;
-        HivePrivilegeObject hivePrivilegeObject =
-            new HivePrivilegeObject(type, dbName, tableName, null, null, 
objectActionType, null, null);
+        HivePrivObjectActionType objectActionType = 
HivePrivObjectActionType.OTHER;
+        HivePrivilegeObject hivePrivilegeObject = new HivePrivilegeObject(
+            type, dbName, tableName, null, null, objectActionType, null, null);
         ret.add(hivePrivilegeObject);
       }
     }
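Review bot: The name-only `else` branch still builds `HivePrivilegeObject` with the eight-argument constructor and no owner, so a context created through `TableFilterContext(String dbName, List<String> tableNames)` keeps sending ownerless objects to the authorizer. Owner-based policies cannot match on that path, and a comment such as `// No ownership info on this path; owner-based policies will not match these objects` would make the limitation explicit. The table branch now delegates to `getHivePrivilegeObject(table)`, whose definition is not part of this diff. The removed inline code passed `table.getOwner()` and `table.getOwnerType()`, so it is worth confirming that the helper does the same. `getInputHObjs` begins and ends outside this hunk.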
@@ -94,4 +111,4 @@ private List<HivePrivilegeObject> getOutputHObjs() {
   public List<Table> getTables() {
     return tables;
   }
-}
+}
\ No newline at end of file
diff --git 
a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
 
b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
index 60e688ae4e8..de02fc1ad3e 100644
--- 
a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
+++ 
b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
@@ -32,16 +32,19 @@
 import org.apache.hadoop.hive.metastore.events.*;
 import org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext.TableFilterContext;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.junit.FixMethodOrder;
 import org.junit.runners.MethodSorters;
 import org.junit.Before;
 import org.junit.Test;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 import java.io.File;
 import java.util.Arrays;
-import java.util.Map;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@@ -52,15 +55,16 @@
  */
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
 public class TestHiveMetaStoreAuthorizer {
-  private static final String dbName           = "test";
-  private static final String tblName          = "tmptbl";
-  private static final String viewName         = "tmpview";
-  private static final String roleName         = "tmpRole";
-  private static final String catalogName      = "testCatalog";
-  private static final String dcName           = "testDC";
+  private static final String dbName = "test";
+  private static final String tblName = "tmptbl";
+  private static final String viewName = "tmpview";
+  private static final String roleName = "tmpRole";
+  private static final String catalogName = "testCatalog";
+  private static final String dcName = "testDC";
   private static final String unAuthorizedUser = "bob";
-  private static final String authorizedUser   = "sam";
-  private static final String superUser        = "hive";
+  private static final String authorizedUser = "sam";
+  private static final String superUser = "hive";
+  private static final String default_db = "default";
 
   private static final String metaConfVal = "";
 
@@ -80,7 +84,7 @@ public void setUp() throws Exception {
     MetastoreConf.setBoolVar(conf, ConfVars.HIVE_SUPPORT_CONCURRENCY, false);
     MetastoreConf.setVar(conf, ConfVars.HIVE_AUTHORIZATION_MANAGER, 
DummyHiveAuthorizerFactory.class.getName());
     MetastoreConf.setVar(conf, ConfVars.PRE_EVENT_LISTENERS, 
HiveMetaStoreAuthorizer.class.getName());
-    MetastoreConf.setVar(conf, ConfVars.HIVE_METASTORE_AUTHENTICATOR_MANAGER, 
HadoopDefaultMetastoreAuthenticator.class.getName() );
+    MetastoreConf.setVar(conf, ConfVars.HIVE_METASTORE_AUTHENTICATOR_MANAGER, 
HadoopDefaultMetastoreAuthenticator.class.getName());
     conf.set("hadoop.proxyuser.hive.groups", "*");
     conf.set("hadoop.proxyuser.hive.hosts", "*");
     conf.set("hadoop.proxyuser.hive.users", "*");
@@ -89,7 +93,7 @@ public void setUp() throws Exception {
 
     hmsHandler = new HMSHandler("test", conf);
     hmsHandler.init();
-    rawStore   = new ObjectStore();
+    rawStore = new ObjectStore();
     rawStore.setConf(hmsHandler.getConf());
     // Create the 'hive' catalog with new warehouse directory
     HMSHandler.createDefaultCatalog(rawStore, new Warehouse(conf));
@@ -112,12 +116,12 @@ public void testA_CreateDatabase_unAuthorizedUser() 
throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser));
     try {
       Database db = new DatabaseBuilder()
-              .setName(dbName)
-              .build(conf);
+          .setName(dbName)
+          .build(conf);
       hmsHandler.create_database(db);
     } catch (Exception e) {
       String err = e.getMessage();
-      String expected = "Operation type " + HiveOperationType.CREATEDATABASE+ 
" not allowed for user:" + unAuthorizedUser;
+      String expected = "Operation type " + HiveOperationType.CREATEDATABASE + 
" not allowed for user:" + unAuthorizedUser;
       assertEquals(expected, err);
     }
   }
@@ -127,10 +131,10 @@ public void testB_CreateTable_unAuthorizedUser() throws 
Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser));
     try {
       Table table = new TableBuilder()
-              .setTableName(tblName)
-              .addCol("name", ColumnType.STRING_TYPE_NAME)
-              .setOwner(unAuthorizedUser)
-              .build(conf);
+          .setTableName(tblName)
+          .addCol("name", ColumnType.STRING_TYPE_NAME)
+          .setOwner(unAuthorizedUser)
+          .build(conf);
       hmsHandler.create_table(table);
     } catch (Exception e) {
       String err = e.getMessage();
@@ -144,11 +148,11 @@ public void testC_CreateView_anyUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Table viewObj = new TableBuilder()
-              .setTableName(viewName)
-              .setType(TableType.VIRTUAL_VIEW.name())
-              .addCol("name", ColumnType.STRING_TYPE_NAME)
-              .setOwner(authorizedUser)
-              .build(conf);
+          .setTableName(viewName)
+          .setType(TableType.VIRTUAL_VIEW.name())
+          .addCol("name", ColumnType.STRING_TYPE_NAME)
+          .setOwner(authorizedUser)
+          .build(conf);
       hmsHandler.create_table(viewObj);
       Map<String, String> params = viewObj.getParameters();
       assertTrue(params.containsKey("Authorized"));
@@ -159,22 +163,22 @@ public void testC_CreateView_anyUser() throws Exception {
   }
 
   @Test
-  public void testC2_AlterView_anyUser() throws Exception{
+  public void testC2_AlterView_anyUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Table viewObj = new TableBuilder()
-              .setTableName(viewName)
-              .setType(TableType.VIRTUAL_VIEW.name())
-              .addCol("name", ColumnType.STRING_TYPE_NAME)
-              .setOwner(authorizedUser)
-              .build(conf);
+          .setTableName(viewName)
+          .setType(TableType.VIRTUAL_VIEW.name())
+          .addCol("name", ColumnType.STRING_TYPE_NAME)
+          .setOwner(authorizedUser)
+          .build(conf);
       hmsHandler.create_table(viewObj);
       viewObj = new TableBuilder()
-              .setTableName(viewName)
-              .setType(TableType.VIRTUAL_VIEW.name())
-              .addCol("dep", ColumnType.STRING_TYPE_NAME)
-              .setOwner(authorizedUser)
-              .build(conf);
+          .setTableName(viewName)
+          .setType(TableType.VIRTUAL_VIEW.name())
+          .addCol("dep", ColumnType.STRING_TYPE_NAME)
+          .setOwner(authorizedUser)
+          .build(conf);
       hmsHandler.alter_table("default", viewName, viewObj);
       Map<String, String> params = viewObj.getParameters();
       assertTrue(params.containsKey("Authorized"));
@@ -189,10 +193,10 @@ public void testD_CreateView_SuperUser() throws Exception 
{
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(superUser));
     try {
       Table viewObj = new TableBuilder()
-              .setTableName(viewName)
-              .setType(TableType.VIRTUAL_VIEW.name())
-              .addCol("name", ColumnType.STRING_TYPE_NAME)
-              .build(conf);
+          .setTableName(viewName)
+          .setType(TableType.VIRTUAL_VIEW.name())
+          .addCol("name", ColumnType.STRING_TYPE_NAME)
+          .build(conf);
       hmsHandler.create_table(viewObj);
     } catch (Exception e) {
       // no Exceptions for superuser as hive is allowed CREATE_VIEW operation
@@ -204,13 +208,13 @@ public void testE_CreateRole__anyUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Role role = new RoleBuilder()
-              .setRoleName(roleName)
-              .setOwnerName(authorizedUser)
-              .build();
+          .setRoleName(roleName)
+          .setOwnerName(authorizedUser)
+          .build();
       hmsHandler.create_role(role);
     } catch (Exception e) {
       String err = e.getMessage();
-      String expected = "Operation type " + 
PreEventContext.PreEventType.AUTHORIZATION_API_CALL.name()+ " not allowed for 
user:" + authorizedUser;
+      String expected = "Operation type " + 
PreEventContext.PreEventType.AUTHORIZATION_API_CALL.name() + " not allowed for 
user:" + authorizedUser;
       assertEquals(expected, err);
     }
   }
@@ -220,14 +224,14 @@ public void testF_CreateCatalog_anyUser() throws 
Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Catalog catalog = new CatalogBuilder()
-              .setName(catalogName)
-              .setLocation(TEST_DATA_DIR)
-              .build();
+          .setName(catalogName)
+          .setLocation(TEST_DATA_DIR)
+          .build();
       hmsHandler.create_catalog(new CreateCatalogRequest(catalog));
     } catch (Exception e) {
       String err = e.getMessage();
-      String expected = "Operation type " + 
PreEventContext.PreEventType.CREATE_CATALOG.name()+ " not allowed for user:" + 
authorizedUser;
-      assertEquals(expected,err);
+      String expected = "Operation type " + 
PreEventContext.PreEventType.CREATE_CATALOG.name() + " not allowed for user:" + 
authorizedUser;
+      assertEquals(expected, err);
     }
   }
 
@@ -236,9 +240,9 @@ public void testG_CreateCatalog_SuperUser() throws 
Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(superUser));
     try {
       Catalog catalog = new CatalogBuilder()
-              .setName(catalogName)
-              .setLocation(TEST_DATA_DIR)
-              .build();
+          .setName(catalogName)
+          .setLocation(TEST_DATA_DIR)
+          .build();
       hmsHandler.create_catalog(new CreateCatalogRequest(catalog));
     } catch (Exception e) {
       // no Exceptions for superuser as hive is allowed CREATE CATALOG 
operation
@@ -251,8 +255,8 @@ public void testH_CreateDatabase_authorizedUser() throws 
Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Database db = new DatabaseBuilder()
-              .setName(dbName)
-              .build(conf);
+          .setName(dbName)
+          .build(conf);
       hmsHandler.create_database(db);
     } catch (Exception e) {
       // No Exception for create database for authorized user
@@ -264,10 +268,10 @@ public void testI_CreateTable_authorizedUser() throws 
Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Table table = new TableBuilder()
-              .setTableName(tblName)
-              .addCol("name", ColumnType.STRING_TYPE_NAME)
-              .setOwner(authorizedUser)
-              .build(conf);
+          .setTableName(tblName)
+          .addCol("name", ColumnType.STRING_TYPE_NAME)
+          .setOwner(authorizedUser)
+          .build(conf);
       hmsHandler.create_table(table);
     } catch (Exception e) {
       // No Exception for create table for authorized user
@@ -279,16 +283,16 @@ public void testJ_AlterTable_AuthorizedUser() throws 
Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       Table table = new TableBuilder()
-              .setTableName(tblName)
-              .addCol("name", ColumnType.STRING_TYPE_NAME)
-              .setOwner(authorizedUser)
-              .build(conf);
+          .setTableName(tblName)
+          .addCol("name", ColumnType.STRING_TYPE_NAME)
+          .setOwner(authorizedUser)
+          .build(conf);
       hmsHandler.create_table(table);
 
       Table alteredTable = new TableBuilder()
-              .addCol("dep", ColumnType.STRING_TYPE_NAME)
-              .build(conf);
-      hmsHandler.alter_table("default",tblName,alteredTable);
+          .addCol("dep", ColumnType.STRING_TYPE_NAME)
+          .build(conf);
+      hmsHandler.alter_table("default", tblName, alteredTable);
     } catch (Exception e) {
       // No Exception for create table for authorized user
     }
@@ -298,7 +302,7 @@ public void testJ_AlterTable_AuthorizedUser() throws 
Exception {
   public void testK_DropTable_authorizedUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
-      hmsHandler.drop_table(dbName,tblName,true);
+      hmsHandler.drop_table(dbName, tblName, true);
     } catch (Exception e) {
       // No Exception for create table for authorized user
     }
@@ -308,7 +312,7 @@ public void testK_DropTable_authorizedUser() throws 
Exception {
   public void testL_DropDatabase_authorizedUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
-      hmsHandler.drop_database(dbName,true,true);
+      hmsHandler.drop_database(dbName, true, true);
     } catch (Exception e) {
       // No Exception for dropDatabase for authorized user
     }
@@ -342,7 +346,7 @@ public void testOShowDatabaseUnauthorizedUser() throws 
Exception {
     } catch (Exception e) {
       String err = e.getMessage();
       if (StringUtils.isNotEmpty(err)) {
-        assert(true);
+        assert (true);
       }
     }
   }
@@ -365,7 +369,7 @@ public void testQShowTablesUnauthorizedUser() throws 
Exception {
     } catch (Exception e) {
       String err = e.getMessage();
       if (StringUtils.isNotEmpty(err)) {
-        assert(true);
+        assert (true);
       }
     }
   }
@@ -379,7 +383,7 @@ public void testR_CreateDataConnector_unAuthorizedUser() {
       hmsHandler.create_dataconnector_req(connectorReq);
     } catch (Exception e) {
       String err = e.getMessage();
-      String expected = "Operation type " + 
HiveOperationType.CREATEDATACONNECTOR+ " not allowed for user:" + 
unAuthorizedUser;
+      String expected = "Operation type " + 
HiveOperationType.CREATEDATACONNECTOR + " not allowed for user:" + 
unAuthorizedUser;
       assertEquals(expected, err);
     }
   }
@@ -430,13 +434,80 @@ public void testUnAuthorizedCause() {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser));
     try {
       Database db = new DatabaseBuilder()
-              .setName(dbName)
-              .build(conf);
+          .setName(dbName)
+          .build(conf);
       hmsHandler.create_database(db);
     } catch (Exception e) {
       String[] rootCauseStackTrace = ExceptionUtils.getRootCauseStackTrace(e);
       assertTrue(Arrays.stream(rootCauseStackTrace)
-              .anyMatch(stack -> 
stack.contains(DummyHiveAuthorizer.class.getName())));
+          .anyMatch(stack -> 
stack.contains(DummyHiveAuthorizer.class.getName())));
+    }
+  }
+
+  @Test
+  public void testTableFilterContextWithOwnership() throws Exception {
+    List<TableMeta> tableMetas = new ArrayList<>();
+    TableMeta ownerTableMeta = new TableMeta();
+    ownerTableMeta.setCatName("hive");
+    ownerTableMeta.setDbName(default_db);
+    ownerTableMeta.setTableName("owner_table");
+    ownerTableMeta.setOwnerName(authorizedUser);
+    
ownerTableMeta.setOwnerType(org.apache.hadoop.hive.metastore.api.PrincipalType.USER);
+    tableMetas.add(ownerTableMeta);
+
+    TableMeta otherTableMeta = new TableMeta();
+    otherTableMeta.setCatName("hive");
+    otherTableMeta.setDbName(default_db);
+    otherTableMeta.setTableName("other_table");
+    otherTableMeta.setOwnerName(unAuthorizedUser);
+    
otherTableMeta.setOwnerType(org.apache.hadoop.hive.metastore.api.PrincipalType.USER);
+    tableMetas.add(otherTableMeta);
+
+    TableFilterContext filterContext = 
TableFilterContext.createFromTableMetas(default_db, tableMetas);
+    List<Table> tables = filterContext.getTables();
+    assertEquals("Should have two tables in context", 2, tables.size());
+
+    boolean foundOwnerTable = false;
+    boolean foundOtherTable = false;
+
+    for (Table table : tables) {
+      if (table.getTableName().equals("owner_table")) {
+        foundOwnerTable = true;
+        assertEquals("owner_table should have authorized user as owner", 
authorizedUser, table.getOwner());
+        assertEquals("owner_table should have correct owner type",
+            org.apache.hadoop.hive.metastore.api.PrincipalType.USER, 
table.getOwnerType());
+      } else if (table.getTableName().equals("other_table")) {
+        foundOtherTable = true;
+        assertEquals("other_table should have unauthorized user as owner", 
unAuthorizedUser, table.getOwner());
+        assertEquals("other_table should have correct owner type",
+            org.apache.hadoop.hive.metastore.api.PrincipalType.USER, 
table.getOwnerType());
+      }
     }
+
+    assertTrue("owner_table not found in tables", foundOwnerTable);
+    assertTrue("other_table not found in tables", foundOtherTable);
+
+    HiveMetaStoreAuthzInfo authzInfo = filterContext.getAuthzContext();
+    List<HivePrivilegeObject> privObjects = authzInfo.getInputHObjs();
+
+    assertEquals("Should have two privilege objects", 2, privObjects.size());
+
+    foundOwnerTable = false;
+    foundOtherTable = false;
+
+    for (HivePrivilegeObject obj : privObjects) {
+      if (obj.getObjectName().equals("owner_table")) {
+        foundOwnerTable = true;
+        assertEquals("owner_table privilege object should have authorized user 
as owner",
+            authorizedUser, obj.getOwnerName());
+      } else if (obj.getObjectName().equals("other_table")) {
+        foundOtherTable = true;
+        assertEquals("other_table privilege object should have unauthorized 
user as owner",
+            unAuthorizedUser, obj.getOwnerName());
+      }
+    }
+
+    assertTrue("owner_table not found in privilege objects", foundOwnerTable);
+    assertTrue("other_table not found in privilege objects", foundOtherTable);
   }
 }
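Review bot: `testTableFilterContextWithOwnership` only covers metas that have both owner name and owner type set, so the `isSetOwnerName()` and `isSetOwnerType()` false branches in `createFromTableMetas` are never exercised. Add a third `TableMeta` without ownership and assert what the resulting `Table` and privilege object carry, since that is the case the authorizer must handle safely. The privilege-object loop checks the owner name but not the owner type. The test also stops at object construction; it never passes the objects through the configured authorizer, so it does not show that ownership changes a filtering decision for `unAuthorizedUser`.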
diff --git 
a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HMSHandler.java
 
b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HMSHandler.java
index 0b1b7c27ed6..b106c804fa1 100644
--- 
a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HMSHandler.java
+++ 
b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HMSHandler.java
@@ -6453,9 +6453,14 @@ public List<String> get_all_tables(final String dbname) 
throws MetaException {
     } catch (Exception e) { /* ignore */ }
 
     try {
-      ret = getMS().getAllTables(parsedDbName[CAT_NAME], 
parsedDbName[DB_NAME]);
-      ret = FilterUtils.filterTableNamesIfEnabled(isServerFilterEnabled, 
filterHook,
-          parsedDbName[CAT_NAME], parsedDbName[DB_NAME], ret);
+      if (getIfServerFilterenabled()) {
+        List<TableMeta> filteredTableMetas = get_table_meta(dbname, "*", null);
+        ret = filteredTableMetas.stream()
+            .map(TableMeta::getTableName)
+            .collect(Collectors.toList());
+      } else {
+        ret = getMS().getAllTables(parsedDbName[CAT_NAME], 
parsedDbName[DB_NAME]);
+      }
     } catch (Exception e) {
       ex = e;
       throw newMetaException(e);
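Review bot: The filtered branch passes the raw `dbname` to `get_table_meta(dbname, "*", null)`, while the unfiltered branch does an exact lookup with `parsedDbName[CAT_NAME]` and `parsedDbName[DB_NAME]`. `get_table_meta` is defined outside this hunk; if it treats its first argument as a pattern, a name containing pattern characters could return tables from more than one database when server-side filtering is on. Constraining the result keeps both branches equivalent, e.g. `.filter(tm -> parsedDbName[DB_NAME].equalsIgnoreCase(tm.getDbName()))` before the `map`. The branch also depends on `get_table_meta` applying the filter hook itself, which deserves a comment such as `// get_table_meta applies the filter hook with owner details; do not filter again here`. `get_all_tables` starts and ends outside this hunk.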
diff --git 
a/standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestFilterHooks.java
 
b/standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestFilterHooks.java
index 46f3617b969..49cac83b10f 100644
--- 
a/standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestFilterHooks.java
+++ 
b/standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestFilterHooks.java
@@ -113,6 +113,9 @@ public List<TableMeta> filterTableMetas(String catName, 
String dbName,List<Table
 
     @Override
     public List<TableMeta> filterTableMetas(List<TableMeta> tableMetas) throws 
MetaException {
+      if (blockResults) {
+        return new ArrayList<>();
+      }
       return tableMetas;
     }
 
