[jira] [Assigned] (HIVE-28356) HMS’s Authorizer for the CREATE_TABLE event doesn’t handle HivePrivilegeObjectType.STORAGEHANDLER_URI

Hongdan Zhu (Jira) Thu, 27 Jun 2024 13:18:11 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-28356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Hongdan Zhu reassigned HIVE-28356:
----------------------------------

    Assignee: Hongdan Zhu

> HMS’s Authorizer for the CREATE_TABLE event doesn’t handle 
> HivePrivilegeObjectType.STORAGEHANDLER_URI
> -----------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-28356
>                 URL: https://issues.apache.org/jira/browse/HIVE-28356
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Hongdan Zhu
>            Assignee: Hongdan Zhu
>            Priority: Major
>
> HIVE-27322 fixed the authorization of the Iceberg storagehandler through 
> Ranger policies for HS2, but the same policy enforcement is missing on the 
> HMS side, allowing the user to use directly the HMS API or simply use 
> Spark-SQL to create a storagehandler based table without the ranger policies 
> checked.
> From Spark-SQL:
> {noformat}
> spark.sql("CREATE TABLE default.icespark1 (id int, txt string) USING iceberg 
> TBLPROPERTIES ('external.table.purge'='true')"){noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (HIVE-28356) HMS’s Authorizer for the CREATE_TABLE event doesn’t handle HivePrivilegeObjectType.STORAGEHANDLER_URI

Reply via email to