[
https://issues.apache.org/jira/browse/HIVE-20089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Laszlo Bodor updated HIVE-20089:
--------------------------------
Description:
While checking negative qtests I've found some strange behavior according to CT
and CTAS statements.
ct_noperm_loc.q
ctas_noperm_loc.q
The common part these tests are initialization:
{code:java}
set hive.test.authz.sstd.hs2.mode=true;
set
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
set user.name=user1;
{code}
But while simple 'create table' works to a nonexisting dir...
{code:java}
create table foo0(id int) location 'hdfs:///tmp/ct_noperm_loc_foo0';
{code}
...'create table as select' doesn't work:
{code:java}
create table foo0 location 'hdfs:///tmp/ctas_noperm_loc_foo0' as select 1 as c1;
{code}
expected result in a negative test is:
{code:java}
FAILED: HiveAccessControlException Permission denied: Principal [name=user1,
type=USER] does not have following privileges for operation
CREATETABLE_AS_SELECT [[INSERT, DELETE] on Object [type=DFS_URI,
name=hdfs://### HDFS PATH ###]]
{code}
So it passes, however it should work same as simple CT, isn't it?
Is it by design, or am I missing something here?
{code:java}
mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ct_noperm_loc.q
-Pitests,hadoop-2 -pl itests/qtest
mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ctas_noperm_loc.q
-Pitests,hadoop-2 -pl itests/qtest
{code}
was:
While checking negative qtests I've found some strange behavior according to CT
and CTAS statements.
ct_noperm_loc.q
ctas_noperm_loc.q
The common part these tests are initialization:
{code}
set hive.test.authz.sstd.hs2.mode=true;
set
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
set user.name=user1;
{code}
But while simple 'create table' works to a nonexisting dir...
{code}
create table foo0(id int) location 'hdfs:///tmp/ct_noperm_loc_foo0';
{code}
...'create table as select' doesn't work:
{code}
create table foo0 location 'hdfs:///tmp/ctas_noperm_loc_foo0' as select 1 as c1;
{code}
expected result is:
{code}
FAILED: HiveAccessControlException Permission denied: Principal [name=user1,
type=USER] does not have following privileges for operation
CREATETABLE_AS_SELECT [[INSERT, DELETE] on Object [type=DFS_URI,
name=hdfs://### HDFS PATH ###]]
{code}
Is it by design, am I missing something here?
{code}
mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ct_noperm_loc.q
-Pitests,hadoop-2 -pl itests/qtest
mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ctas_noperm_loc.q
-Pitests,hadoop-2 -pl itests/qtest
{code}
> CTAS doesn't work into nonexisting /tmp/... directory while CT works
> --------------------------------------------------------------------
>
> Key: HIVE-20089
> URL: https://issues.apache.org/jira/browse/HIVE-20089
> Project: Hive
> Issue Type: Bug
> Affects Versions: 3.0.0
> Reporter: Laszlo Bodor
> Priority: Major
>
> While checking negative qtests I've found some strange behavior according to
> CT and CTAS statements.
> ct_noperm_loc.q
> ctas_noperm_loc.q
> The common part these tests are initialization:
> {code:java}
> set hive.test.authz.sstd.hs2.mode=true;
> set
> hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
> set
> hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
> set hive.security.authorization.enabled=true;
> set user.name=user1;
> {code}
>
> But while simple 'create table' works to a nonexisting dir...
> {code:java}
> create table foo0(id int) location 'hdfs:///tmp/ct_noperm_loc_foo0';
> {code}
> ...'create table as select' doesn't work:
> {code:java}
> create table foo0 location 'hdfs:///tmp/ctas_noperm_loc_foo0' as select 1 as
> c1;
> {code}
> expected result in a negative test is:
> {code:java}
> FAILED: HiveAccessControlException Permission denied: Principal [name=user1,
> type=USER] does not have following privileges for operation
> CREATETABLE_AS_SELECT [[INSERT, DELETE] on Object [type=DFS_URI,
> name=hdfs://### HDFS PATH ###]]
> {code}
> So it passes, however it should work same as simple CT, isn't it?
> Is it by design, or am I missing something here?
> {code:java}
> mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ct_noperm_loc.q
> -Pitests,hadoop-2 -pl itests/qtest
> mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ctas_noperm_loc.q
> -Pitests,hadoop-2 -pl itests/qtest
> {code}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
