[
https://issues.apache.org/jira/browse/HIVE-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061252#comment-15061252
]
Thejas M Nair commented on HIVE-11179:
--------------------------------------
This patch is exposing many hive internal classes in the Authorization plugin
interface. Classes exposed through the interface would be considered as public
API by the users.
But I also understand that sentry is quite intertwined with hive internals and
needs this ability to do this custom conversion.
I think we can minimize the exposure to other api users as well as provide
Sentry with the ability it needs by tweaking this change some more. I will
create a follow up jira.
> HIVE should allow custom converting from HivePrivilegeObjectDesc to
> privilegeObject for different authorizers
> -------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-11179
> URL: https://issues.apache.org/jira/browse/HIVE-11179
> Project: Hive
> Issue Type: Improvement
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Labels: Authorization
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-11179.001.patch, HIVE-11179.001.patch
>
>
> HIVE should allow custom converting from HivePrivilegeObjectDesc to
> privilegeObject for different authorizers:
> There is a case in Apache Sentry: Sentry support uri and server level
> privilege, but in hive side, it uses
> {{AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc)}} to do the
> converting, and the code in {{getHivePrivilegeObject()}} only handle the
> scenes for table and database
> {noformat}
> privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW :
> HivePrivilegeObjectType.DATABASE;
> {noformat}
> A solution is move this method to {{HiveAuthorizer}}, so that a custom
> Authorizer could enhance it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
