[
https://issues.apache.org/jira/browse/HIVE-26422?focusedWorklogId=812700&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-812700
]
ASF GitHub Bot logged work on HIVE-26422:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 28/Sep/22 00:32
Start Date: 28/Sep/22 00:32
Worklog Time Spent: 10m
Work Description: github-actions[bot] closed pull request #3471:
HIVE-26422: Remove the table owner grant privileges in SQLStdHiveAcce…
URL: https://github.com/apache/hive/pull/3471
Issue Time Tracking
-------------------
Worklog Id: (was: 812700)
Time Spent: 0.5h (was: 20m)
> Create table via spark-shell vs HS2 has discrepancy in authorization config
> policy
> ------------------------------------------------------------------------------------
>
> Key: HIVE-26422
> URL: https://issues.apache.org/jira/browse/HIVE-26422
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2, Standalone Metastore
> Affects Versions: 4.0.0
> Reporter: Sai Hemanth Gantasala
> Assignee: Sai Hemanth Gantasala
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Creating a table via spark-shell creates 4 privileges
> "INSERT,SELECT,UPDATE,DELETE" via the table owner grants config, whereas when we
> create an external table through hiveserver2 (using a client like beeline) it
> doesn't create any owner privileges, which is the desired condition.
> Note: In Hive's hive-site.xml, the following is set:
> hive.security.authorization.createtable.user.grants=''
> hive.security.authorization.createtable.group.grants=''
> hive.security.authorization.createtable.role.grants=''
> hive.security.authorization.createtable.owner.grants=''
> Also, the setup is kerberized and uses Ranger as an authorization service.
> So, when we create a table via spark-shell we shouldn't set
> hive.security.authorization.createtable.owner.grants in the code
> [https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java#L625];
> instead, it should be picked up from hive-site.xml (which is already done in
> the CreateTableAutomaticGrants class).
> The side effect of having table owner privileges set in the code is that the
> TBL_PRIVS table in the RDBMS is growing with every create table command.