[jira] [Commented] (HIVE-12231) StorageBasedAuthorization requires write permission of default Warehouse when create external database

Fri, 30 Oct 2015 15:33:07 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-12231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14983505#comment-14983505
 ] 

Thejas M Nair commented on HIVE-12231:
--------------------------------------

[~sjtufighter]
Unfortunately there is no other way to restrict creation of databases if the 
cluster admin wants to. This is certainly a flexibility that 
storagebasedauthorization lacks. However, we can't change that behavior as many 
admins would be relying on this to control who gets to create a new database. 

A workaround is to have admin create a database for such users, and allow them 
to create external tables instead of external databases.
If you strongly see a need for being able to create external databases without 
having permissions on the warehouse directory, it should be through a 
configuration setting for StorageBasedAuthorization. Please make sure that 
there is test coverage for both config being enabled and disabled.


> StorageBasedAuthorization requires write permission of default Warehouse when 
> create external database
> ------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-12231
>                 URL: https://issues.apache.org/jira/browse/HIVE-12231
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 1.2.1
>            Reporter: WangMeng
>            Assignee: WangMeng
>         Attachments: HIVE-12231.01.patch
>
>
> Please look at the stacktrace, when enabled StorageBasedAuthorization, I set 
> external location to create database. However, it will also check write 
> permission of default warehouse "/user/hive/warehouse"  :
> > CREATE DATABASE test LOCATION  '/tmp/wangmeng/test'  ;
> Error: Error while compiling statement: FAILED: HiveException 
> java.security.AccessControlException: Permission denied: user=wangmeng, 
> access=WRITE, inode="/user/hive/warehouse":hive:hive:drwxr-x--t
>       at 
> org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkFsPermission(DefaultAuthorizationProvider.java:255)
>       at 
> org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:236)
>       at 
> org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkPermission(DefaultAuthorizationProvider.java:151)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to