[jira] [Updated] (HIVE-24634) Create table if not exists should validate whether table exists before doAuth()

Wed, 13 Jan 2021 12:31:04 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-24634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Naresh P R updated HIVE-24634:
------------------------------
    Description: 
In Hive + Ranger cluster, Create table if not exist hive-ranger would validate 
privileges over complete files in table location even thought table already 
exist.

Table exist check should be validated before doAuthorization in compile.
{code:java}
 at 
org.apache.hadoop.hive.common.FileUtils.isActionPermittedForFileHierarchy(FileUtils.java:452)
 
 at 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.isURIAccessAllowed(RangerHiveAuthorizer.java:1428)
 at 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:291)
 at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1337)
 at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1101)
 at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:710){code}

  was:
In Hive + Ranger cluster, Create table if not exist hive-ranger would validate 
privileges over complete files in table location even thought table already 
exist.

Table exist check should be validated before doAuthorization in compile.
{code:java}
at 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:291)
 at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1337)
 at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1101)
 at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:710){code}


> Create table if not exists should validate whether table exists before 
> doAuth()
> -------------------------------------------------------------------------------
>
>                 Key: HIVE-24634
>                 URL: https://issues.apache.org/jira/browse/HIVE-24634
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Naresh P R
>            Priority: Major
>
> In Hive + Ranger cluster, Create table if not exist hive-ranger would 
> validate privileges over complete files in table location even thought table 
> already exist.
> Table exist check should be validated before doAuthorization in compile.
> {code:java}
>  at 
> org.apache.hadoop.hive.common.FileUtils.isActionPermittedForFileHierarchy(FileUtils.java:452)
>  
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.isURIAccessAllowed(RangerHiveAuthorizer.java:1428)
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:291)
>  at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1337)
>  at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1101)
>  at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:710){code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to