[jira] [Work logged] (HIVE-26422) Create table via spark-shell vs HS2 has discrepancy in authorization config policy

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-26422?focusedWorklogId=794328&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-794328
 ]

ASF GitHub Bot logged work on HIVE-26422:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 22/Jul/22 17:40
            Start Date: 22/Jul/22 17:40
    Worklog Time Spent: 10m 
      Work Description: saihemanth-cloudera opened a new pull request, #3471:
URL: https://github.com/apache/hive/pull/3471

   …ssController class. This config will be picked up from hive-site.xml
   
   <!--
   Thanks for sending a pull request!  Here are some tips for you:
     1. If this is your first time, please read our contributor guidelines: 
https://cwiki.apache.org/confluence/display/Hive/HowToContribute
     2. Ensure that you have created an issue on the Hive project JIRA: 
https://issues.apache.org/jira/projects/HIVE/summary
     3. Ensure you have added or run the appropriate tests for your PR: 
     4. If the PR is unfinished, add '[WIP]' in your PR title, e.g., 
'[WIP]HIVE-XXXXX:  Your PR title ...'.
     5. Be sure to keep the PR description updated to reflect all changes.
     6. Please write your PR title to summarize what this PR proposes.
     7. If possible, provide a concise example to reproduce the issue for a 
faster review.
   
   -->
   
   ### What changes were proposed in this pull request?
   Removed Table owner privileges from SQLStdHiveAccessController class
   <!--
   Please clarify what changes you are proposing. The purpose of this section 
is to outline the changes and how this PR fixes the issue. 
   If possible, please consider writing useful notes for better and faster 
reviews in your PR. See the examples below.
     1. If you refactor some codes with changing classes, showing the class 
hierarchy will help reviewers.
     2. If you fix some SQL features, you can provide some references of other 
DBMSes.
     3. If there is design documentation, please add the link.
     4. If there is a discussion in the mailing list, please add the link.
   -->
   
   
   ### Why are the changes needed?
   Otherwise TBL_PRIVS tabl in the sys db is growing with every create table 
command.
   <!--
   Please clarify why the changes are needed. For instance,
     1. If you propose a new API, clarify the use case for a new API.
     2. If you fix a bug, you can clarify why it is a bug.
   -->
   
   
   ### Does this PR introduce _any_ user-facing change?
   No.
   <!--
   Note that it means *any* user-facing change including all aspects such as 
the documentation fix.
   If yes, please clarify the previous behavior and the change this PR proposes 
- provide the console output, description, screenshot and/or a reproducable 
example to show the behavior difference if possible.
   If possible, please also clarify if this is a user-facing change compared to 
the released Hive versions or within the unreleased branches such as master.
   If no, write 'No'.
   -->
   
   
   ### How was this patch tested?
   Remote cluster.
   <!--
   If tests were added, say they were added here. Please make sure to add some 
test cases that check the changes thoroughly including negative and positive 
cases if possible.
   If it was tested in a way different from regular unit tests, please clarify 
how you tested step by step, ideally copy and paste-able, so that other 
reviewers can test and check, and descendants can verify in the future.
   If tests were not added, please describe why they were not added and/or why 
it was difficult to add.
   -->
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 794328)
    Remaining Estimate: 0h
            Time Spent: 10m

> Create table via spark-shell vs HS2 has discrepancy in authorization config 
> policy  
> ------------------------------------------------------------------------------------
>
>                 Key: HIVE-26422
>                 URL: https://issues.apache.org/jira/browse/HIVE-26422
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Standalone Metastore
>    Affects Versions: 4.0.0
>            Reporter: Sai Hemanth Gantasala
>            Assignee: Sai Hemanth Gantasala
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Create table via spark-shell creates 4 privileges 
> "INSERT,SELECT,UPDATE,DELETE" via table owner grants config whereas when we 
> create an external table through hiveserver2 (using client like beeline) it 
> doesn't create any owner privileges which is the desired condition.
> Note: In Hive's hive-site.xml, the following is set:
> hive.security.authorization.createtable.user.grants=''
> hive.security.authorization.createtable.group.grants=''
> hive.security.authorization.createtable.role.grants=''
> hive.security.authorization.createtable.owner.grants='' 
> Also the setup is kerberized and uses ranger as an authorization service.
> So, when we create a table via spark-shell we shouldn't set 
> hive.security.authorization.createtable.owner.grants in the code 
> [https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java#L625]
>  instead it should be picked using hive-site.xml. (which is already done in 
> CreateTableAutomaticGrants class).
> The side effect of having table owner privileges set in the code, is that the 
> TBL_PRIVS table in RDBMS is growing with every create table command.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)