[ https://issues.apache.org/jira/browse/HIVE-23352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098411#comment-17098411 ]
Panagiotis Garefalakis commented on HIVE-23352: ----------------------------------------------- Hey [~thejas] – the behaviour is indeed correct (i.e., if we would really want to disable authorization for external tables we could have set _hive.metastore.authorization.storage.check.externaltable.drop_ to *false*) However, I find the messages a bit confusing. As a first step, we could make messages distinguish permissions over dirs/paths versus tables – as in when dropping an external table we are not really deleting a path (see LOG message above), only the metadata, so the user should know that its a table permission issue and not a dir permission issue. > More user friendly StorageAuthorizationProvider log messages > ------------------------------------------------------------ > > Key: HIVE-23352 > URL: https://issues.apache.org/jira/browse/HIVE-23352 > Project: Hive > Issue Type: Improvement > Components: Security > Affects Versions: 4.0.0 > Reporter: Panagiotis Garefalakis > Priority: Minor > > Currently *StorageBasedAuthorizationProvider* returns messages (like below) > about data paths even for _External_ tables where a drop command would just > remove metadata. Lets make those messages more user-friendly. > {code:java} > Permission Denied: User hive can't delete hdfs://XXX.com:8020/tmp/testuser > because sticky bit is set on the parent dir and user does not own this file > or its parent) > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)