[
https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-9941:
------------------------------
Description:
sql std authorization works as expected.
However, if a table is partitioned, any user can truncate it.
User foo:
{code}
create table bla (a string) partitioned by (b string);
#.. loading values ...
{code}
Admin:
{code}
0: jdbc:hive2://localhost:10000/default> set role admin;
No rows affected (0,074 seconds)
0: jdbc:hive2://localhost:10000/default> show grant on bla;
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
| default | bla | | | foo | USER | DELETE | true | 1426158997000 | foo |
| default | bla | | | foo | USER | INSERT | true | 1426158997000 | foo |
| default | bla | | | foo | USER | SELECT | true | 1426158997000 | foo |
| default | bla | | | foo | USER | UPDATE | true | 1426158997000 | foo |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
{code}
now user olaf
{code}
0: jdbc:hive2://localhost:10000/default> select * from bla;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: Principal [name=olaf, type=USER] does not have following
privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW,
name=default.bla]] (state=42000,code=40000)
{code}
works as expected.
_BUT_
{code}
0: jdbc:hive2://localhost:10000/default> truncate table bla;
No rows affected (0,18 seconds)
{code}
_And table is empty afterwards_.
Similarly: {{insert into table}} works, too.
was:
sql std authorization works as expected.
However, if a table is partitioned, any user can truncate it.
User foo:
{code}
create table bla (a string) partitioned by (b string);
#.. loading values ...
{code}
Admin:
{code}
0: jdbc:hive2://localhost:10000/default> set role admin;
No rows affected (0,074 seconds)
0: jdbc:hive2://localhost:10000/default> show grant on bla;
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
| default | bla | | | foo | USER | DELETE | true | 1426158997000 | foo |
| default | bla | | | foo | USER | INSERT | true | 1426158997000 | foo |
| default | bla | | | foo | USER | SELECT | true | 1426158997000 | foo |
| default | bla | | | foo | USER | UPDATE | true | 1426158997000 | foo |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
{code}
now user olaf
{code}
0: jdbc:hive2://localhost:10000/default> select * from bla;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: Principal [name=olaf, type=USER] does not have following
privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW,
name=default.bla]] (state=42000,code=40000)
{code}
_BUT_
{code}
0: jdbc:hive2://localhost:10000/default> truncate table bla;
No rows affected (0,18 seconds)
{code}
And table is empty afterwards.
Similarly: {{insert into table}} works, too.
> sql std authorization on partitioned table: truncate and insert
> ---------------------------------------------------------------
>
> Key: HIVE-9941
> URL: https://issues.apache.org/jira/browse/HIVE-9941
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 0.14.0
> Reporter: Olaf Flebbe
>
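A regression check built from the report above, as an added example that is not part of the original JIRA message or of Hive's code: it parses the `show grant` output, derives the decision the grants imply, and flags statements that succeeded anyway. The `REQUIRED` mapping (TRUNCATE needing table ownership), the owner `foo`, and all function names are assumptions made for this sketch; role-based grants are not modelled.

```python
# Added example (not Hive code): audit observed statement outcomes against grants.
# Assumption: required privileges under SQL standard authorization; None means
# the operation needs table ownership. Role-based grants are ignored here.
REQUIRED = {"SELECT": {"SELECT"}, "INSERT": {"INSERT"}, "TRUNCATE": None}

# `show grant on bla` output from the report, rows wrapped as in the e-mail,
# border lines shortened.
SHOW_GRANT = """\
+-----------+--------+
| database | table | partition | column | principal_name | principal_type
| privilege | grant_option | grant_time | grantor |
+-----------+--------+
| default | bla | | | foo | USER
| DELETE | true | 1426158997000 | foo |
| default | bla | | | foo | USER
| INSERT | true | 1426158997000 | foo |
| default | bla | | | foo | USER
| SELECT | true | 1426158997000 | foo |
| default | bla | | | foo | USER
| UPDATE | true | 1426158997000 | foo |
+-----------+--------+
"""

def parse_grants(text, width=10):
    """Parse a beeline grant table, tolerating rows wrapped at cell boundaries."""
    cells = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("+"):  # skip blanks and border lines
            cells += [c.strip() for c in line.strip("|").split("|")]
    header, *rows = [cells[i:i + width] for i in range(0, len(cells), width)]
    return [dict(zip(header, row)) for row in rows]

def allowed(grants, owner, principal, table, op):
    """Expected decision: the owner may do anything, others need explicit grants."""
    if principal == owner:
        return True
    held = {g["privilege"] for g in grants
            if g["principal_name"] == principal and g["table"] == table}
    return REQUIRED[op] is not None and REQUIRED[op] <= held

def violations(grants, owner, observed):
    """Statements that succeeded although the grants say they must be denied."""
    return [(p, t, op) for p, t, op, ok in observed
            if ok and not allowed(grants, owner, p, t, op)]

# Outcomes as the report describes them for user olaf.
OBSERVED = [("olaf", "bla", "SELECT", False), ("olaf", "bla", "TRUNCATE", True),
            ("olaf", "bla", "INSERT", True)]

if __name__ == "__main__":
    for v in violations(parse_grants(SHOW_GRANT), "foo", OBSERVED):
        print("authorization gap:", v)
```

Run against a test instance after an upgrade, an empty result for the same three statements means the denied SELECT is no longer the only check being enforced on the partitioned table.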