Hongdan Zhu created HIVE-28356:
----------------------------------
Summary: HMS’s Authorizer for the CREATE_TABLE event doesn’t
handle HivePrivilegeObjectType.STORAGEHANDLER_URI
Key: HIVE-28356
URL: https://issues.apache.org/jira/browse/HIVE-28356
Project: Hive
Issue Type: Bug
Reporter: Hongdan Zhu
HIVE-27322 fixed the authorization of the Iceberg storagehandler through Ranger
policies for HS2, but the same policy enforcement is missing on the HMS side,
allowing the user to directly use the HMS API or simply use Spark-SQL to create
a storagehandler-based table without the Ranger policies being checked.
From Spark-SQL:
{noformat}
spark.sql("CREATE TABLE default.icespark1 (id int, txt string) USING iceberg TBLPROPERTIES ('external.table.purge'='true')")
{noformat}