[
https://issues.apache.org/jira/browse/HIVE-7943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14245229#comment-14245229
]
Lefty Leverenz commented on HIVE-7943:
--------------------------------------
bq. "A reference patch that could be used by anyone wishing to apply this fix
and additional change ..."
I guess this doesn't need to be documented, but a message to user@hive would
boost visibility.
> hive.security.authorization.createtable.owner.grants is ineffective with
> Default Authorization
> ----------------------------------------------------------------------------------------------
>
> Key: HIVE-7943
> URL: https://issues.apache.org/jira/browse/HIVE-7943
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 0.13.1
> Reporter: Ashu Pachauri
> Assignee: Ashu Pachauri
> Fix For: 0.14.0
>
> Attachments: HIVE-7943.013.stdauth.patch, HIVE-7943.1.patch,
> HIVE-7943.2.patch, HIVE-7943.3.patch
>
>
> HIVE-6250 separates owner privileges from user privileges. However, Default
> Authorization does not adapt to the change and table owners do not inherit
> permissions from the config.
> Steps to Reproduce:
> set hive.security.authorization.enabled=true;
> set hive.security.authorization.createtable.owner.grants=ALL;
> create table temp_table(id int, value string);
> drop table temp_table;
> Above set of operations throw the following error:
>
> Authorization failed:No privilege 'Drop' found for outputs {
> database:default, table:temp_table}. Use SHOW GRANT to get more details.
> 14/09/02 17:49:38 ERROR ql.Driver: Authorization failed:No privilege 'Drop'
> found for outputs { database:default, table:temp_table}. Use SHOW GRANT to
> get more details.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
