[
https://issues.apache.org/jira/browse/HIVE-12698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thejas M Nair updated HIVE-12698:
---------------------------------
Attachment: HIVE-12698.4.patch
HIVE-12698.4.patch - made a minor change so that the interface does not require
the new class being introduced. That way implementations like Ranger don't have
to create a shim layer just for this, to be able to compile against older and
newer versions of hive.
Alternatives to this would have necessiated creation of an extended interface
and then checking if the authorizer implementation implements the extended
interface as well. That would increase the complexity of the hive side of the
code.
Also updated in the git pull request.
[~Ferd] Can you please take a look at this minor change ?
> Remove exposure to internal privilege and principal classes in HiveAuthorizer
> -----------------------------------------------------------------------------
>
> Key: HIVE-12698
> URL: https://issues.apache.org/jira/browse/HIVE-12698
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 1.3.0, 2.0.0
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-12698.1.patch, HIVE-12698.2.patch,
> HIVE-12698.3.patch, HIVE-12698.4.patch
>
>
> The changes in HIVE-11179 expose several internal classes to
> HiveAuthorization implementations. These include PrivilegeObjectDesc,
> PrivilegeDesc, PrincipalDesc and AuthorizationUtils.
> We should avoid exposing that to all Authorization implementations, but also
> make the ability to customize the mapping of internal classes to the public
> api classes possible for Apache Sentry (incubating).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
