jkovacs-hwx commented on code in PR #5343:
URL: https://github.com/apache/hive/pull/5343#discussion_r1842016637
##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -79,6 +83,24 @@ private List<HivePrivilegeObject> getOutputHObjs() {
Database database = event.getDatabase();
String uri = getSdLocation(table.getSd());
+ // if the table is an iceberg storagehandler based table , need storageuri
as hive privilege objects
+ // format: storagehandler type + cluster + location
+ LOG.debug("<== CreateTableEvent.getOutputHObjs(): ret={}", ret);
+ if
(table.getParameters().containsKey(hive_metastoreConstants.META_TABLE_STORAGE))
{
+ Configuration conf = new Configuration();
+ try {
+ HiveStorageHandler hiveStorageHandler = (HiveStorageHandler)
ReflectionUtils.newInstance(
+
conf.getClassByName(table.getParameters().get(hive_metastoreConstants.META_TABLE_STORAGE)),
event.getHandler().getConf());
+ String storageUri = hiveStorageHandler.getURIForAuth(table).toString();
+ if (storageUri.contains("iceberg")) {
Review Comment:
It's also not clear for me why we only Authorize URI for iceberg only when
others - hbase, kafka, jdbc - could have similar URI policies to be authorized
(although URIs are computed in different way for each types)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org
