[
https://issues.apache.org/jira/browse/HIVE-17853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16299065#comment-16299065
]
Thejas M Nair commented on HIVE-17853:
--------------------------------------
We should also check to see if current user is same as the original UGI user,
and not do the ugi.doAs() if it is the same. Otherwise, this can potentially
cause problems where the users are not privileged users (ie, there is no intent
to do a "doAs").
You would get errors like " userX is not allowed to impersonate userX".
> RetryingMetaStoreClient loses UGI impersonation-context when reconnecting
> after timeout
> ---------------------------------------------------------------------------------------
>
> Key: HIVE-17853
> URL: https://issues.apache.org/jira/browse/HIVE-17853
> Project: Hive
> Issue Type: Bug
> Components: Metastore
> Affects Versions: 3.0.0, 2.4.0, 2.2.1
> Reporter: Mithun Radhakrishnan
> Assignee: Chris Drome
> Priority: Critical
> Fix For: 3.0.0, 2.4.0, 2.2.1
>
> Attachments: HIVE-17853.01-branch-2.patch, HIVE-17853.01.patch
>
>
> The {{RetryingMetaStoreClient}} is used to automatically reconnect to the
> Hive metastore, after client timeout, transparently to the user.
> In case of user impersonation (e.g. Oozie super-user {{oozie}} impersonating
> a Hadoop user {{mithun}}, to run a workflow), in case of timeout, we find
> that the reconnect causes the {{UGI.doAs()}} context to be lost. Any further
> metastore operations will be attempted as the login-user ({{oozie}}), as
> opposed to the effective user ({{mithun}}).
> We should have a fix for this shortly.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
