[
https://issues.apache.org/jira/browse/HIVE-23352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098411#comment-17098411
]
Panagiotis Garefalakis commented on HIVE-23352:
-----------------------------------------------
Hey [~thejas] – the behaviour is indeed correct (i.e., if we would really want
to disable authorization for external tables we could have set
_hive.metastore.authorization.storage.check.externaltable.drop_ to *false*)
However, I find the messages a bit confusing.
As a first step, we could make messages distinguish permissions over dirs/paths
versus tables – as in when dropping an external table we are not really
deleting a path (see LOG message above), only the metadata, so the user should
know that its a table permission issue and not a dir permission issue.
> More user friendly StorageAuthorizationProvider log messages
> ------------------------------------------------------------
>
> Key: HIVE-23352
> URL: https://issues.apache.org/jira/browse/HIVE-23352
> Project: Hive
> Issue Type: Improvement
> Components: Security
> Affects Versions: 4.0.0
> Reporter: Panagiotis Garefalakis
> Priority: Minor
>
> Currently *StorageBasedAuthorizationProvider* returns messages (like below)
> about data paths even for _External_ tables where a drop command would just
> remove metadata. Lets make those messages more user-friendly.
> {code:java}
> Permission Denied: User hive can't delete hdfs://XXX.com:8020/tmp/testuser
> because sticky bit is set on the parent dir and user does not own this file
> or its parent)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
