rtrivedi12 opened a new pull request, #6508: URL: https://github.com/apache/hive/pull/6508
… view queries on partitioned tables ### What changes were proposed in this pull request? Fixed incorrect `PARTITION` `HivePrivilegeObject` generation in `CommandAuthorizerV2` for queries that access a **regular (non-deferred) view** over a **partitioned base table**. In `CommandAuthorizerV2.getHivePrivObjects()`, skip emitting a `HivePrivilegeObject` for `PARTITION` / `DUMMYPARTITION` entities when access is through a regular view. The view’s `TABLE_OR_VIEW` object already covers authorization. Skip logic (`isPartitionAccessedViaRegularView`): 1. If the partition entity has a regular (non-deferred) view parent → skip. 2. If the partition entity lacks parent entity but a sibling indirect `TABLE` entity for the same base table has a regular view parent → skip. 3. If the partition is accessed through a **deferred-auth view** (`Authorized=false`) → emit `PARTITION` on the base table (existing behaviour). 4. If the partition is accessed **directly** (no view) → emit `PARTITION` on the base table ### Why are the changes needed? HIVE-27892 added handling for `PARTITION` / `DUMMYPARTITION` entities in `addHivePrivObject`, always using the physical base-table name (`datadb/t1`). For view queries, this causes authorizers to receive an extra `PARTITION` object on the base table in addition to the view’s `TABLE_OR_VIEW` object. Users with view-only policies are getting PERMISSION denied. ### Does this PR introduce _any_ user-facing change? yes View queries through regular views send only the view TABLE_OR_VIEW privilege object. Direct queries on partitioned tables and deferred-auth views still emit base-table PARTITION objects as before. ### How was this patch tested? mvn test -Dtest=TestViewPartitionPrivilegeObjects -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
