[jira] [Work logged] (HIVE-27116) HS2 need to send owner info for UDFs in the HivePrivilegeObject for authorization

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-27116?focusedWorklogId=849477&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-849477
 ]

ASF GitHub Bot logged work on HIVE-27116:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Mar/23 07:21
            Start Date: 07/Mar/23 07:21
    Worklog Time Spent: 10m 
      Work Description: saihemanth-cloudera commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1127451194


##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java:
##########
@@ -83,17 +84,16 @@ static void doAuthorization(HiveOperation op, 
BaseSemanticAnalyzer sem, SessionS
     ss.getAuthorizerV2().checkPrivileges(hiveOpType, inputsHObjs, outputHObjs, 
authzContextBuilder.build());
   }
 
-  private static void addPermanentFunctionEntities(SessionState ss, 
List<ReadEntity> inputList) throws HiveException {
+  private static void addPermanentFunctionEntities(SessionState ss, 
List<ReadEntity> inputList, BaseSemanticAnalyzer sem) throws HiveException {
     for (Entry<String, FunctionInfo> function : 
ss.getCurrentFunctionsInUse().entrySet()) {
       if (function.getValue().getFunctionType() != FunctionType.PERSISTENT) {
         // Built-in function access is allowed to all users. If user can 
create a temp function, they may use it.
         continue;
       }
 
       String[] qualifiedFunctionName = 
FunctionUtils.getQualifiedFunctionNameParts(function.getKey());
-      // this is only for the purpose of authorization, only the name matters.
-      Database db = new Database(qualifiedFunctionName[0], "", "", null);
-      inputList.add(new ReadEntity(db, qualifiedFunctionName[1], 
function.getValue().getClassName(), Type.FUNCTION));
+      // For the purpose of authorization, we need to send full function 
object.
+      inputList.add(new 
ReadEntity(sem.getDb().getFunction(qualifiedFunctionName[0], 
qualifiedFunctionName[1])));

Review Comment:
   I'll revert back on changes on this one. We don't need to fetch 
full-function objects for all the functions in the current session as it is a 
costly operation.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 849477)
    Time Spent: 1h 40m  (was: 1.5h)

> HS2 need to send owner info for UDFs in the HivePrivilegeObject for 
> authorization
> ---------------------------------------------------------------------------------
>
>                 Key: HIVE-27116
>                 URL: https://issues.apache.org/jira/browse/HIVE-27116
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Security
>            Reporter: Sai Hemanth Gantasala
>            Assignee: Sai Hemanth Gantasala
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> UDFs (Functions) of HivePrivilegeObject should have owner info for 
> authorization.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)