Thejas M Nair created HIVE-15120:
------------------------------------
Summary: Storage based auth: allow option to enforce write checks
for external tables
Key: HIVE-15120
URL: https://issues.apache.org/jira/browse/HIVE-15120
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Thejas M Nair
Under storage based authorization, we don't require read permissions on table
directory for external table create/drop.
This is because external table contents are populated often from outside of
hive and are not written into from hive. So write access is not needed. Also,
we can't require write permissions to drop a table if we don't require them for
creation (users who created them should be able to drop them).
However, this difference in behavior of external tables is not well documented.
So users get surprised to learn that drop table can be done by just any user
who has read access to the directory. At that point changing the large number
of scripts that use external tables is hard.
It would be good to have a user config option to have external tables to be
treated same as managed tables.
The option should be off by default, so that the behavior is backward
compatible by default.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
