[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
--------------------------------
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with table object to the list
of output objects sent for verifying privileges
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=40000) {code}
was:
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=40000) {code}
> Add database authorization for drop table command
> -------------------------------------------------
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
> Reporter: Riju Trivedi
> Assignee: Riju Trivedi
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with table object to the list
> of output objects sent for verifying privileges
>
> Also, In case of a temporary table drop, empty input, and output
> HivePrivilegeObject are sent to the authorizer as temporary tables are
> skipped from authorization.
> h3. What changes were proposed in this pull request?
> Authorize write actions on the database during drop table action, and add the
> database object to the list of output objects sent for verifying privileges.
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=40000) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
