Re: Review Request 21289: HIVE-7033 : grant statements should check if the role exists

Thu, 15 May 2014 06:15:05 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21289/#review42625
-----------------------------------------------------------



metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
<https://reviews.apache.org/r/21289/#comment76447>

    This should be done within transaction. Else, this may result in TOCTU bug.


- Ashutosh Chauhan


On May 9, 2014, 11:14 p.m., Thejas Nair wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21289/
> -----------------------------------------------------------
> 
> (Updated May 9, 2014, 11:14 p.m.)
> 
> 
> Review request for hive and Ashutosh Chauhan.
> 
> 
> Bugs: HIVE-7033
>     https://issues.apache.org/jira/browse/HIVE-7033
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> The following grant statement that grants to a role that does not exist 
> succeeds, but it should result in an error.
> 
> > grant all on t1 to role nosuchrole;
> 
> Patch also fixes the handling of role names in some cases to be case 
> insensitive.
> 
> 
> Diffs
> -----
> 
>   metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 
> 4b4f4f2 
>   
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
>  62b8994 
>   ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q 
> PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q 
> PRE-CREATION 
>   ql/src/test/queries/clientpositive/authorization_1_sql_std.q 79ae17a 
>   ql/src/test/queries/clientpositive/authorization_role_grant1.q f89d0dc 
>   ql/src/test/queries/clientpositive/authorization_role_grant2.q 984d7ed 
>   
> ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out 
> PRE-CREATION 
>   
> ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out 
> PRE-CREATION 
>   ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 718ff31 
>   ql/src/test/results/clientpositive/authorization_role_grant1.q.out 3c846eb 
>   ql/src/test/results/clientpositive/authorization_role_grant2.q.out 1e8f88a 
> 
> Diff: https://reviews.apache.org/r/21289/diff/
> 
> 
> Testing
> -------
> 
> New tests included
> 
> 
> Thanks,
> 
> Thejas Nair
> 
>

Reply via email to