[jira] [Created] (HIVE-27116) HS2 need to send owner info in the HivePrivilegeObject for authorization
Sai Hemanth Gantasala created HIVE-27116: Summary: HS2 need to send owner info in the HivePrivilegeObject for authorization Key: HIVE-27116 URL: https://issues.apache.org/jira/browse/HIVE-27116 Project: Hive Issue Type: Bug Components: HiveServer2, Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala UDFs (Functions) of HivePrivilegeObject should send owner info for authorization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-27071) Select query with LIMIT clause can fail if their are marker files like "_SUCCESS" and "_MANIFEST"
Sai Hemanth Gantasala created HIVE-27071: Summary: Select query with LIMIT clause can fail if their are marker files like "_SUCCESS" and "_MANIFEST" Key: HIVE-27071 URL: https://issues.apache.org/jira/browse/HIVE-27071 Project: Hive Issue Type: Bug Components: HiveServer2 Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: László Bodor Spark clients creates marker files like "_SUCCESS" and "_MANIFEST" under the table/partition path at the end of a write operation. For example 'hdfs://name-node-host/table/partition/_SUCCESS' Whenever Hive is trying to read that table with the LIMIT clause, it could to the following error: {code:java} ERROR : Vertex failed, vertexName=Map 1, vertexId=vertex_1676095298574_0017_2_00, diagnostics=[Vertex vertex_1676095298574_0017_2_00 [Map 1] killed/failed due to:ROOT_INPUT_INIT_FAILURE, Vertex Input: trade initializer failed, vertex=vertex_1676095298574_0017_2_00 [Map 1], org.apache.hadoop.mapred.InvalidInputException: Input path does not exist: hdfs://name-node-host/table/partition/_MANIFEST Input path does not exist: hdfs://name-node-host/table/partition/_SUCCESS at org.apache.hadoop.mapred.FileInputFormat.singleThreadedListStatus(FileInputFormat.java:300) at org.apache.hadoop.mapred.FileInputFormat.listStatus(FileInputFormat.java:240) at org.apache.hadoop.mapred.FileInputFormat.getSplits(FileInputFormat.java:328) at org.apache.hadoop.hive.ql.io.HiveInputFormat.addSplitsForGroup(HiveInputFormat.java:579) {code} Hive execution engine should ignore these marker files while reading the table/partition data. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26911) Renaming a translated external table with a specified location fails with 'location already exists' exception
Sai Hemanth Gantasala created HIVE-26911: Summary: Renaming a translated external table with a specified location fails with 'location already exists' exception Key: HIVE-26911 URL: https://issues.apache.org/jira/browse/HIVE-26911 Project: Hive Issue Type: Bug Components: Standalone Metastore Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Renaming a translated external table with a specified location fails with 'location already exists' exception. Below are steps for repro {code:java} create database tmp; use tmp; create table b(s string) stored as parquet location 'hdfs://localhost:20500/test-warehouse/tmp.db/some_location'; alter table b rename to bb; ERROR: InvalidOperationException: New location for this table hive.tmp.bb already exists : hdfs://localhost:20500/test-warehouse/tmp.db/some_location {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26850) ColumnInfo of the source table should not be null for the alter view as query
Sai Hemanth Gantasala created HIVE-26850: Summary: ColumnInfo of the source table should not be null for the alter view as query Key: HIVE-26850 URL: https://issues.apache.org/jira/browse/HIVE-26850 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala The ColumnInfo for the source table of the alter view as query is coming as null and as a result, the column info is not present for the table. The ColumnInfo should be non-null. More details are to be followed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26838) Add a new event to improve cache performance in external systems that communicates with HMS.
Sai Hemanth Gantasala created HIVE-26838: Summary: Add a new event to improve cache performance in external systems that communicates with HMS. Key: HIVE-26838 URL: https://issues.apache.org/jira/browse/HIVE-26838 Project: Hive Issue Type: New Feature Components: Hive, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Adding support for a new event "Reload event" in the HMS (HiveMetaStore). This event can be used by external services that depend on HMS for metadata operations to improve its cache performance. In the distributed environment where there are replicas of an external service (with its own cache in each of these replicas) talking to HMS for metadata operations, the reload event can be used to address the cache performance and ensure consistency among all the replicas for a given table/partition. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26799) Make authorizations on custom UDFs involved in tables/view configurable.
Sai Hemanth Gantasala created HIVE-26799: Summary: Make authorizations on custom UDFs involved in tables/view configurable. Key: HIVE-26799 URL: https://issues.apache.org/jira/browse/HIVE-26799 Project: Hive Issue Type: New Feature Components: HiveServer2, Security Affects Versions: 4.0.0-alpha-2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala When Hive is using Ranger/Sentry as an authorization service, consider the following scenario. {code:java} > create table test_udf(st string); // privileged user operation > create function Udf_UPPER as 'openkb.hive.udf.MyUpper' using jar > 'hdfs:///tmp/MyUpperUDF-1.0.0.jar'; // privileged user operation > create view v1_udf as select udf_upper(st) from test_udf; // privileged user > operation //unprivileged user test_user is given select permissions on view v1_udf > select * from v1_udf; {code} It is expected that test_user needs to have select privilege on v1_udf and select permissions on udf_upper custom UDF in order to do a select query on view. This patch introduces a configuration "hive.security.authorization.functions.in.view"=false which disables authorization on views associated with views/tables during the select query. In this mode, only UDFs explicitly stated in the query would still be authorized as it is currently. The reason for making these custom UDFs associated with view/tables authorizable is that currently, test_user will need to be granted select permissions on the custom udf. and the test_user can use this UDF and query against any other table, which is a security concern. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26647) Implement deserialization API for commit compaction event
Sai Hemanth Gantasala created HIVE-26647: Summary: Implement deserialization API for commit compaction event Key: HIVE-26647 URL: https://issues.apache.org/jira/browse/HIVE-26647 Project: Hive Issue Type: Improvement Components: Hive, Serializers/Deserializers Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala [HIVE-24329|https://issues.apache.org/jira/browse/HIVE-24329] introduced notification event for commit compaction (which is serializing an event and inserting it into the notification log). We also need to implement Deserialization API for the commit compaction event so external listeners can read this event. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26610) Upgrade calcite-core to 1.32.0 to avoid CVE-2022-39135
Sai Hemanth Gantasala created HIVE-26610: Summary: Upgrade calcite-core to 1.32.0 to avoid CVE-2022-39135 Key: HIVE-26610 URL: https://issues.apache.org/jira/browse/HIVE-26610 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26537) Deprecate older APIs in the HMS
Sai Hemanth Gantasala created HIVE-26537: Summary: Deprecate older APIs in the HMS Key: HIVE-26537 URL: https://issues.apache.org/jira/browse/HIVE-26537 Project: Hive Issue Type: Improvement Affects Versions: 4.0.0-alpha-1, 4.0.0-alpha-2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala This Jira is to track the clean-up(deprecate older APIs and point the HMS client to the newer APIs) work in the hive metastore server. More details will be added here soon. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26508) Remove netty transitive dependencies from hcatalog and hbase pom files to avoid CVEs
Sai Hemanth Gantasala created HIVE-26508: Summary: Remove netty transitive dependencies from hcatalog and hbase pom files to avoid CVEs Key: HIVE-26508 URL: https://issues.apache.org/jira/browse/HIVE-26508 Project: Hive Issue Type: Bug Components: HBase Handler, HCatalog Affects Versions: 4.0.0-alpha-1, 4.0.0, 4.0.0-alpha-2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Remove netty transitive dependencies (coming from hadoop related dependencies) from hcatalog and hbase pom files to avoid CVEs -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26457) Upgrade package jetty to version 9.4.39+ to avoid CVE-2021-28165, CVE-2020-27216
Sai Hemanth Gantasala created HIVE-26457: Summary: Upgrade package jetty to version 9.4.39+ to avoid CVE-2021-28165, CVE-2020-27216 Key: HIVE-26457 URL: https://issues.apache.org/jira/browse/HIVE-26457 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26422) Create table via spark-shell vs HS2 has discrepancy in authorization config policy
Sai Hemanth Gantasala created HIVE-26422: Summary: Create table via spark-shell vs HS2 has discrepancy in authorization config policy Key: HIVE-26422 URL: https://issues.apache.org/jira/browse/HIVE-26422 Project: Hive Issue Type: Bug Components: HiveServer2, Standalone Metastore Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Create table via spark-shell creates 4 privileges "INSERT,SELECT,UPDATE,DELETE" via table owner grants config whereas when we create an external table through hiveserver2 (using client like beeline) it doesn't create any owner privileges which is the desired condition. Note: In Hive's hive-site.xml, the following is set: hive.security.authorization.createtable.user.grants='' hive.security.authorization.createtable.group.grants='' hive.security.authorization.createtable.role.grants='' hive.security.authorization.createtable.owner.grants='' Also the setup is kerberized and uses ranger as an authorization service. So, when we create a table via spark-shell we shouldn't set hive.security.authorization.createtable.owner.grants in the code [https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java#L625] instead it should be picked using hive-site.xml. (which is already done in CreateTableAutomaticGrants class). The side effect of having table owner privileges set in the code, is that the TBL_PRIVS table in RDBMS is growing with every create table command. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26305) Upgrade package hadoop-common to version 3.1.4+ to avoid CVE-2020-9492
Sai Hemanth Gantasala created HIVE-26305: Summary: Upgrade package hadoop-common to version 3.1.4+ to avoid CVE-2020-9492 Key: HIVE-26305 URL: https://issues.apache.org/jira/browse/HIVE-26305 Project: Hive Issue Type: Bug Components: HiveServer2, Security, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Upgrade package hadoop-common to version 3.1.4+ to avoid CVE-2020-9492 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (HIVE-26304) Upgrade package pac4j-core to version 5.2.0 or above due to CVE-2021-44878
Sai Hemanth Gantasala created HIVE-26304: Summary: Upgrade package pac4j-core to version 5.2.0 or above due to CVE-2021-44878 Key: HIVE-26304 URL: https://issues.apache.org/jira/browse/HIVE-26304 Project: Hive Issue Type: Bug Components: Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Upgrade package pac4j-core to version 5.2.0 or above due to CVE-2021-44878 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (HIVE-26300) Upgrade Jackson databind version to 2.12.6.1+ to avoid CVE-2020-36518
Sai Hemanth Gantasala created HIVE-26300: Summary: Upgrade Jackson databind version to 2.12.6.1+ to avoid CVE-2020-36518 Key: HIVE-26300 URL: https://issues.apache.org/jira/browse/HIVE-26300 Project: Hive Issue Type: Bug Components: Hive Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Upgrade Jackson databind version to 2.12.6.1+ to avoid *CVE-2020-36518* -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (HIVE-26178) Multiple version of woodstox jars found in spark class path
Sai Hemanth Gantasala created HIVE-26178: Summary: Multiple version of woodstox jars found in spark class path Key: HIVE-26178 URL: https://issues.apache.org/jira/browse/HIVE-26178 Project: Hive Issue Type: Bug Components: Hive, Spark Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala In Spark the woodstox-core jar is coming from two sources: - hadoop-client (woodstox-core:jar:5.0.3) - hive-service (woodstox-core:jar:5.2.1) introduced via xml sec dependency. Woodstox jar is anyway not used in the hive. So we can remove this dependency in the hive. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (HIVE-26055) Fix the HivePrivilegesObjects for Alter table rename command
Sai Hemanth Gantasala created HIVE-26055: Summary: Fix the HivePrivilegesObjects for Alter table rename command Key: HIVE-26055 URL: https://issues.apache.org/jira/browse/HIVE-26055 Project: Hive Issue Type: Bug Components: HiveServer2, Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Fix the HivePrivilegeObjects for Alter table rename query in a way that it includes source table information in the output objects and destination table information in the input objects. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25988) CreateTableEvent should have database object as one of the hive privilege object.
Sai Hemanth Gantasala created HIVE-25988: Summary: CreateTableEvent should have database object as one of the hive privilege object. Key: HIVE-25988 URL: https://issues.apache.org/jira/browse/HIVE-25988 Project: Hive Issue Type: Bug Components: Hive, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala The CreateTableEvent in HMS should have a database object as one of the HivePrivilege Objects so that it is consistent with HS2's CreateTable Event. Also, we need to move the DFS_URI object into the InputList so that this is also consistent with HS2's behavior. Having database objects in the create table events hive privilege objects helps to determine if a user has the right permissions to create a table in a particular database via ranger/sentry. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25826) Support table defaults at each database level
Sai Hemanth Gantasala created HIVE-25826: Summary: Support table defaults at each database level Key: HIVE-25826 URL: https://issues.apache.org/jira/browse/HIVE-25826 Project: Hive Issue Type: New Feature Components: HiveServer2, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala This feature jira is for adding support for users being able to specify default table types at each database level. Currently, this is configurable at the service level (HS2) and at each JDBC session-level. The goal is to be able to specify the default table type for each database either when the DB is created (create DB DDL) or at any point later (via alter db DDL). More details and design docs for this feature will be added soon to this Jira. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25813) CREATE TABLE x LIKE storagehandler-based-source fails
Sai Hemanth Gantasala created HIVE-25813: Summary: CREATE TABLE x LIKE storagehandler-based-source fails Key: HIVE-25813 URL: https://issues.apache.org/jira/browse/HIVE-25813 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala {code:java} CREATE EXTERNAL TABLE default.dbs ( DB_IDbigint, DB_LOCATION_URI string, NAME string, OWNER_NAME string, OWNER_TYPE string ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' TBLPROPERTIES ( 'hive.sql.database.type' = 'MYSQL', 'hive.sql.jdbc.driver' = 'com.mysql.jdbc.Driver', 'hive.sql.jdbc.url' = 'jdbc:mysql://localhost:3306/hive1', 'hive.sql.dbcp.username' = 'hive1', 'hive.sql.dbcp.password' = 'cloudera', 'hive.sql.query' = 'SELECT DB_ID, DB_LOCATION_URI, NAME, OWNER_NAME, OWNER_TYPE FROM DBS' ); CREATE TABLE default.dbscopy LIKE default.dbs; Caused by: java.lang.NullPointerException at org.apache.hadoop.hive.metastore.HiveMetaStoreUtils.getFieldsFromDeserializer(HiveMetaStoreUtils.java:186) {code} -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25809) Implement URI Mapping for KuduStorageHandler in Hive
Sai Hemanth Gantasala created HIVE-25809: Summary: Implement URI Mapping for KuduStorageHandler in Hive Key: HIVE-25809 URL: https://issues.apache.org/jira/browse/HIVE-25809 Project: Hive Issue Type: Bug Components: HiveServer2, Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Currently, there is no storage URI mapping for KuduStorageHandler based on the feature HIVE-24705. The API getURIForAuth() needs to be implemented in KuduStorageHandler. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25786) Auto-close browser window/tab after successful auth with SSO(SAML) authentication
Sai Hemanth Gantasala created HIVE-25786: Summary: Auto-close browser window/tab after successful auth with SSO(SAML) authentication Key: HIVE-25786 URL: https://issues.apache.org/jira/browse/HIVE-25786 Project: Hive Issue Type: Bug Components: Authentication, HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala When a client(beeline/DBeaver) tries to connect to HS2. Each connection opens a new tab which is a bit of an annoying user experience. This task is to Auto-close the window on a successful auth after a timed interval (5 sec). On an unsuccessful auth, the browser window would not be auto-closed. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25785) Upgrade xmlsec to 2.1.7/2.2.3 due to CVE-2021-40690
Sai Hemanth Gantasala created HIVE-25785: Summary: Upgrade xmlsec to 2.1.7/2.2.3 due to CVE-2021-40690 Key: HIVE-25785 URL: https://issues.apache.org/jira/browse/HIVE-25785 Project: Hive Issue Type: Bug Components: Hive, Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Hive is currently pulling in xmlsec 2.2.1. This needs to be upgraded to 2.2.3+ due to CVE-2021-40690. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25724) Support External only tables for particular databases.
Sai Hemanth Gantasala created HIVE-25724: Summary: Support External only tables for particular databases. Key: HIVE-25724 URL: https://issues.apache.org/jira/browse/HIVE-25724 Project: Hive Issue Type: Improvement Components: HiveServer2, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Goal: To be able to support disabling of ACID tables for a particular database. Why?: There is a use case to support BDR and hive3 replication engines in parallel. This can be used to avoid the creation of ACID tables in DBs replicated by the BDR engine. (BDR does not have the ability to replicate ACID tables) Some users might want to use this as well for their legacy DBs while they transition to ACID tables in some newer DBs. How? A "special" property to be set on the database. If this property is set, HMS will prevent the creation of ACID tables in this database. Note: # Hive/HMS to implement the enforcement of this property in preventing table creation. # Hive/HMS will not prevent end-users from setting/tampering with this property. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25709) Upgrade netty to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137
Sai Hemanth Gantasala created HIVE-25709: Summary: Upgrade netty to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137 Key: HIVE-25709 URL: https://issues.apache.org/jira/browse/HIVE-25709 Project: Hive Issue Type: Bug Components: HiveServer2, Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Upgrade netty to 4.1.68+ due to CVE-2021-37136, CVE-2021-37137 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25695) Make spark views authorization in hive configurable.
Sai Hemanth Gantasala created HIVE-25695: Summary: Make spark views authorization in hive configurable. Key: HIVE-25695 URL: https://issues.apache.org/jira/browse/HIVE-25695 Project: Hive Issue Type: Improvement Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala HIVE-24026 introduced an authorization model where views created from external sources like spark are not authorized at create time, but when a user does select on the view. We need to make this authorization configurable. This Jira introduces a new config to make this auth model configurable. {code:java} hive.security.authorization.enabled.on.spark.views=true {code} This config is turned on by default. If the users wish to turn off this config, then they can set this config to false, which means that during the select query, the underlying tables for that view will not be authorized. The reason for making this auth model configurable is because there can be a use-case where a user is running workload of create/alter/select views without HIVE-24026 (with ranger/sentry policies in place where user have select permissions only on view but not on underlying tables) and when user upgrades to HIVE-24026, the admin will have to configure ranger/sentry policies on all the underlying tables for required users. By simply turning off this config, the user can do workload operations but at the cost of the security hole for not authorizing the underlying tables. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (HIVE-25621) Alter table partition compact/concatenate commands should send HivePrivilegeObjects for Authz
Sai Hemanth Gantasala created HIVE-25621: Summary: Alter table partition compact/concatenate commands should send HivePrivilegeObjects for Authz Key: HIVE-25621 URL: https://issues.apache.org/jira/browse/HIVE-25621 Project: Hive Issue Type: Bug Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala # Run the following queries Create table temp(c0 int) partitioned by (c1 int); Insert into temp values(1,1); ALTER TABLE temp PARTITION (c1=1) COMPACT 'minor'; ALTER TABLE temp PARTITION (c1=1) CONCATENATE; Insert into temp values(1,1); # The above compact/concatenate commands are currently not sending any hive privilege objects for authorization. Hive needs to send these objects to avoid malicious users doing any operation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25570) Hive should send full URL path for authorization for the command insert overwrite location
Sai Hemanth Gantasala created HIVE-25570: Summary: Hive should send full URL path for authorization for the command insert overwrite location Key: HIVE-25570 URL: https://issues.apache.org/jira/browse/HIVE-25570 Project: Hive Issue Type: Bug Components: Authorization, HiveServer2 Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala For authorization, Hive is currently sending the path given as input from the user for the command, for eg {code:java} insert overwrite directory '/user/warehouse/tablespace/external/something/new/test_new_tb1' select * from test_tb1; {code} Hive is sending the path as '/user/warehouse/tablespace/external/something/new/test_new_tb1' Instead, Hive should send a fully qualified path for authorization, for e.g: 'hdfs://hostname:port_name/user/warehouse/tablespace/external/something/new/test_new_tb1' -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25547) Alter view as Select statement should create Authorizable events in HiveServer2
Sai Hemanth Gantasala created HIVE-25547: Summary: Alter view as Select statement should create Authorizable events in HiveServer2 Key: HIVE-25547 URL: https://issues.apache.org/jira/browse/HIVE-25547 Project: Hive Issue Type: Bug Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Consider the scenario: {code:java} -- A privileged user is doing the following actions. Create table foo_tbl(i int); Create table foo_bar(name string); Create view foo_view as select * from foo_tbl; -- An unprivileged user can do the following operation, when he/she has select privileges on foo_bar table but he/she doesn't have any privileges on foo_tbl or foo_view. alter view foo_view as select * from foo_bar;{code} An unauthorized user shouldn't be able to alter the view schema when he/she doesn't have any privileges on that view. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25545) Add/Drop constraints events on table should be authorized in HS2
Sai Hemanth Gantasala created HIVE-25545: Summary: Add/Drop constraints events on table should be authorized in HS2 Key: HIVE-25545 URL: https://issues.apache.org/jira/browse/HIVE-25545 Project: Hive Issue Type: Bug Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Alter table foo_tbl ADD constraint c1_unique UNIQUE(id1) disable novalidate; Alter table foo_tbl DROP constraint c1_unique; The above statements are currently not being authorized in Ranger/Sentry. These should be authorized by creating authorizable events in Hive. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25514) Alter table with owner policies should honor {OWNER} policies from Apache Ranger in the HMS
Sai Hemanth Gantasala created HIVE-25514: Summary: Alter table with owner policies should honor {OWNER} policies from Apache Ranger in the HMS Key: HIVE-25514 URL: https://issues.apache.org/jira/browse/HIVE-25514 Project: Hive Issue Type: Bug Components: Hive, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala The following commands should honor \{OWNER} policies from Apache Ranger in the HMS. {code:java} Show partitions table_name; alter table foo.table_name partition (country='us') rename to partition (country='canada); alter table foo.table_name drop partition (id='canada');{code} The examples above are tables with partitions. So the partition APIs in HMS should be modifed to honor \{owner} policies from Apache ranger. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25490) Table object should be authorized with owner info in the get_partitions() api in
Sai Hemanth Gantasala created HIVE-25490: Summary: Table object should be authorized with owner info in the get_partitions() api in Key: HIVE-25490 URL: https://issues.apache.org/jira/browse/HIVE-25490 Project: Hive Issue Type: Bug Components: Hive, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala HiveMetaStore#get_partitions() api is currently authorizing against table name. Instead, the table object should be authorized so that it also has table_owner information in the table object. Currently, a user from spark-shell running these commands (in a rangerized environment): > spark.sql( " create database 791237_db1 " ).show(false) > spark.sql( " CREATE EXTERNAL TABLE IF NOT EXISTS 791237_db1.t1(cal_dt >timestamp) PARTITIONED BY (year string) stored as parquet location >'/791237/791237_db1' " ).show(false) > spark.sql( " select * from 791237_db1.t1 " ).show(false) ERROR metadata.Hive: NoSuchObjectException(message:Table t1 does not exist) Even though the user is the owner of the table, but the same user cannot query the table. This should be addressed. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25468) Create/Drop functions should be authorized in HMS
Sai Hemanth Gantasala created HIVE-25468: Summary: Create/Drop functions should be authorized in HMS Key: HIVE-25468 URL: https://issues.apache.org/jira/browse/HIVE-25468 Project: Hive Issue Type: Bug Components: Hive Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Create function func_name using class 'org.someclass' using jar '/path_to_jar'; Drop function func_name; These commands are currently authorized in HS2 but not in HiveMetastore. These commands should be authorized for HMS clients for (eg:spark-shell) on the end-user. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25444) Use a config to disable authorization on storage handlers by default.
Sai Hemanth Gantasala created HIVE-25444: Summary: Use a config to disable authorization on storage handlers by default. Key: HIVE-25444 URL: https://issues.apache.org/jira/browse/HIVE-25444 Project: Hive Issue Type: Improvement Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Using a config "hive.security.authorization.tables.on.storagehandlers" with a default false, we'll enable the authorization on storage handlers by default. Authorization is enabled if this config is set to true. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25408) AlterTableSetOwnerAnalyzer should send Hive Privilege Objects for Authorization.
Sai Hemanth Gantasala created HIVE-25408: Summary: AlterTableSetOwnerAnalyzer should send Hive Privilege Objects for Authorization. Key: HIVE-25408 URL: https://issues.apache.org/jira/browse/HIVE-25408 Project: Hive Issue Type: Bug Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Currently, Hive is sending an empty list in the Hive Privilege Objects for authorization when a user does the following operation: alter table foo set owner user user_name; We should be sending the input/objects related to the table in Hive privilege objects for authorization. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25380) Remove the Hive Privilege Object for Database in the ReadTableEvent and CreatTableEvent.
Sai Hemanth Gantasala created HIVE-25380: Summary: Remove the Hive Privilege Object for Database in the ReadTableEvent and CreatTableEvent. Key: HIVE-25380 URL: https://issues.apache.org/jira/browse/HIVE-25380 Project: Hive Issue Type: Bug Components: Hive, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Hive server2 sends privilege objects of only tables whenever select/create table command is issued. This should be consistent in HMS also, i.e.., HiveMetaStoreAuthorizer should send only table related HivePrivilege Objects for authorization. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25349) Skip password authentication when a trusted header is present in the Http request
Sai Hemanth Gantasala created HIVE-25349: Summary: Skip password authentication when a trusted header is present in the Http request Key: HIVE-25349 URL: https://issues.apache.org/jira/browse/HIVE-25349 Project: Hive Issue Type: Improvement Components: Hive, HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Whenever a trusted header is present in the HTTP servlet request, skip the password based authentication, since the user is pre-authorized and extract the user name from Authorization header. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25303) CTAS hive.create.as.external.legacy tries to place data files in managed WH path
Sai Hemanth Gantasala created HIVE-25303: Summary: CTAS hive.create.as.external.legacy tries to place data files in managed WH path Key: HIVE-25303 URL: https://issues.apache.org/jira/browse/HIVE-25303 Project: Hive Issue Type: Bug Components: HiveServer2, Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Under legacy table creation mode (hive.create.as.external.legacy=true), when a database has been created in a specific LOCATION, in a session where that database is USEd, tables created using CREATE TABLE AS SELECT should inherit the HDFS path from the database's location. Instead, Hive is trying to write the table data into /warehouse/tablespace/managed/hive// -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25132) ReadDatabase event should return HiveOperationType as ShowDatabases
Sai Hemanth Gantasala created HIVE-25132: Summary: ReadDatabase event should return HiveOperationType as ShowDatabases Key: HIVE-25132 URL: https://issues.apache.org/jira/browse/HIVE-25132 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Currently ReadDatabaseEvent should return a HivePrivilegeObject with HiveOperationType as ShowDatabases instead of Query. This is useful if we have a default policy in ranger that grants access to all databases -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25131) PreAlterPartitionEvent should have table owner details that can authorized in ranger/sentry
Sai Hemanth Gantasala created HIVE-25131: Summary: PreAlterPartitionEvent should have table owner details that can authorized in ranger/sentry Key: HIVE-25131 URL: https://issues.apache.org/jira/browse/HIVE-25131 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala PreAlterPartition event should have a table object, so that the call can be authorized in ranger/sentry using the owner details of the table object. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25114) Optmize get_tables() api call in HMS
Sai Hemanth Gantasala created HIVE-25114: Summary: Optmize get_tables() api call in HMS Key: HIVE-25114 URL: https://issues.apache.org/jira/browse/HIVE-25114 Project: Hive Issue Type: Improvement Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Optmize get_tables() call in HMS api. There should only be one call to object store instead of 2 calls to return the table objects. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25091) Implement connector provider for MSSQL and Oracle
Sai Hemanth Gantasala created HIVE-25091: Summary: Implement connector provider for MSSQL and Oracle Key: HIVE-25091 URL: https://issues.apache.org/jira/browse/HIVE-25091 Project: Hive Issue Type: Sub-task Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Provide an implementation of Connector provider for MSSQL and Oracle -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-25039) Disable discovery.partitions config for external tables by default
Sai Hemanth Gantasala created HIVE-25039: Summary: Disable discovery.partitions config for external tables by default Key: HIVE-25039 URL: https://issues.apache.org/jira/browse/HIVE-25039 Project: Hive Issue Type: Improvement Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala We need to disable the discovery.partitions config for the external tables with partitions by default because every HMS API call to the external partition (for example S3) is costly. We can selectively enable this config for tables by: alter table set tblproperty. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24876) Disable /longconf.jsp page on HS2 web UI for non admin users
Sai Hemanth Gantasala created HIVE-24876: Summary: Disable /longconf.jsp page on HS2 web UI for non admin users Key: HIVE-24876 URL: https://issues.apache.org/jira/browse/HIVE-24876 Project: Hive Issue Type: Bug Components: HiveServer2 Affects Versions: 4.0.0 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala /logconf.jsp page should be disabled to the users that are not in admin roles. Otherwise, any user can flood the log files with different log levels that can be configured on HS2 web UI. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
Sai Hemanth Gantasala created HIVE-24816: Summary: Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649 Key: HIVE-24816 URL: https://issues.apache.org/jira/browse/HIVE-24816 Project: Hive Issue Type: Bug Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Currently, hive is pulling Jackson 2.10.5 version jar. Please upgrade to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24769) HiveMetaStore getTables() doesn't have Owner information to filter on it
Sai Hemanth Gantasala created HIVE-24769: Summary: HiveMetaStore getTables() doesn't have Owner information to filter on it Key: HIVE-24769 URL: https://issues.apache.org/jira/browse/HIVE-24769 Project: Hive Issue Type: Improvement Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala HiveMetaStoreClient#getTables() api should have table owner information so that they can be used while authorizing in Apache Ranger/Sentry. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24768) Use jackson-bom everywhere for version replacement
Sai Hemanth Gantasala created HIVE-24768: Summary: Use jackson-bom everywhere for version replacement Key: HIVE-24768 URL: https://issues.apache.org/jira/browse/HIVE-24768 Project: Hive Issue Type: Improvement Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala It's more of an optimization but makes it easier to replace the versions where ever necessary for Jackson dependency. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24705) Create/Alter/Drop tables based on storage handlers in HS2 should be authorized by Ranger/Sentry
Sai Hemanth Gantasala created HIVE-24705: Summary: Create/Alter/Drop tables based on storage handlers in HS2 should be authorized by Ranger/Sentry Key: HIVE-24705 URL: https://issues.apache.org/jira/browse/HIVE-24705 Project: Hive Issue Type: Improvement Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24603) ALTER TABLE RENAME is not modifying the location of managed table
Sai Hemanth Gantasala created HIVE-24603: Summary: ALTER TABLE RENAME is not modifying the location of managed table Key: HIVE-24603 URL: https://issues.apache.org/jira/browse/HIVE-24603 Project: Hive Issue Type: Bug Components: Standalone Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala The location of the managed table is not changing when the table is renamed. This causes correctness issues as well like the following - create table abc (id int); insert into abc values (1); rename table abc to def; create table abc (id int); // This should be empty insert into abc values (2); select * from abc ; // now returns the 1 and 2, (ie the old results as well) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Sai Hemanth Gantasala created HIVE-24500: Summary: Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 Key: HIVE-24500 URL: https://issues.apache.org/jira/browse/HIVE-24500 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Hive is pulling in log4j 2.12.1 specifically to: * ./usr/lib/hive/lib/log4j-core-2.12.1.jar CVE-2020-9488 affects this version and the fix is to upgrade to 2.13.2+. So, upgrade this dependency. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24499) Throw error when respective connector JDBC jar is not present in the lib/ path.
Sai Hemanth Gantasala created HIVE-24499: Summary: Throw error when respective connector JDBC jar is not present in the lib/ path. Key: HIVE-24499 URL: https://issues.apache.org/jira/browse/HIVE-24499 Project: Hive Issue Type: Sub-task Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24456) Column masking/hashing function in hive should use SH512 if FIPS mode is enabled
Sai Hemanth Gantasala created HIVE-24456: Summary: Column masking/hashing function in hive should use SH512 if FIPS mode is enabled Key: HIVE-24456 URL: https://issues.apache.org/jira/browse/HIVE-24456 Project: Hive Issue Type: Wish Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala hive-site.xml should have the following property to indicate that FIPS mode is enabled. hive.masking.algo sha256 If this property is present, then GenericUDFMaskHash should use SHA512 instead of SHA256 encoding for column masking. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421
Sai Hemanth Gantasala created HIVE-24303: Summary: Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 Key: HIVE-24303 URL: https://issues.apache.org/jira/browse/HIVE-24303 Project: Hive Issue Type: Bug Components: Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Hive is pulling in 4.3.18.RELEASE which is vulnerable to CVE-2020-5421. Please upgrade to 4.3.29.RELEASE+ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24287) Cookie Signer class should use SHA-512 instead SHA-256 for cookie signature
Sai Hemanth Gantasala created HIVE-24287: Summary: Cookie Signer class should use SHA-512 instead SHA-256 for cookie signature Key: HIVE-24287 URL: https://issues.apache.org/jira/browse/HIVE-24287 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala private static final String SHA_STRING = "SHA-256"; should use SHA-512 instead -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24118) Remove the unnecessary try/catch blocks in the TestHiveMetaStoreAuthorizer
Sai Hemanth Gantasala created HIVE-24118: Summary: Remove the unnecessary try/catch blocks in the TestHiveMetaStoreAuthorizer Key: HIVE-24118 URL: https://issues.apache.org/jira/browse/HIVE-24118 Project: Hive Issue Type: Bug Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala The catch-all exception in a lot of test cases in TestHiveMetaStoreAuthorizer is not good and can give false positive (eg. testD_CreateView_SuperUser), since the test will pass in case there is a MetaException thrown. The test added will pass without code modifications in the HiveMetastoreAuthorizer as well and hence it is not really a good regression test. Would be good to fix them up as well. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24098) Bump Jetty to 9.4.31.v20200723 to get rid of Tomcat CVE warnings
Sai Hemanth Gantasala created HIVE-24098: Summary: Bump Jetty to 9.4.31.v20200723 to get rid of Tomcat CVE warnings Key: HIVE-24098 URL: https://issues.apache.org/jira/browse/HIVE-24098 Project: Hive Issue Type: Bug Components: Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Jetty jar has some fixes for transitive CVEs (apache-jsp see details below). When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50, and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. So we need to upgrade jetty 9.4.30+ to get rid of Tomcat CVE warnings * [https://github.com/eclipse/jetty.project/commit/fedc7c65997d433bbdfc26fb3d861f8488f9c804] * [https://github.com/eclipse/jetty.project/commit/74a2ce7a4299014d0b8e4549961e7034ae24c3d1] There are also a bunch of other misc fixes: [https://github.com/eclipse/jetty.project/releases] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24048) Harmonise Jackson components to version 2.10.latest - Hive
Sai Hemanth Gantasala created HIVE-24048: Summary: Harmonise Jackson components to version 2.10.latest - Hive Key: HIVE-24048 URL: https://issues.apache.org/jira/browse/HIVE-24048 Project: Hive Issue Type: Bug Components: HiveServer2 Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Hive uses the following jackson components not harmonised with jackson-databind's version (2.10.0) * jackson-dataformat-yaml 2.9.8 * jackson-jaxrs-base 2.9.8 To avoid conflicts caused by version mismatches please harmonise it with jackson-databind's version. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24045) No logging related to when default database is created
Sai Hemanth Gantasala created HIVE-24045: Summary: No logging related to when default database is created Key: HIVE-24045 URL: https://issues.apache.org/jira/browse/HIVE-24045 Project: Hive Issue Type: Bug Components: Metastore Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala There does not appear to be any HMS logs related to when the "default" database is first created in Hive. This would be useful for troubleshooting. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24026) HMS/Ranger Spark view authorization plan
Sai Hemanth Gantasala created HIVE-24026: Summary: HMS/Ranger Spark view authorization plan Key: HIVE-24026 URL: https://issues.apache.org/jira/browse/HIVE-24026 Project: Hive Issue Type: Improvement Components: HiveServer2, Security Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Currently, Ranger disallows Spark from creating virtual views via HMS because spark clients are normal users. We should have a capability where spark client can create views in HS2. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-23990) Thrift client throws TApplication Exception instead of TTransportException
Sai Hemanth Gantasala created HIVE-23990: Summary: Thrift client throws TApplication Exception instead of TTransportException Key: HIVE-23990 URL: https://issues.apache.org/jira/browse/HIVE-23990 Project: Hive Issue Type: Bug Components: Tests Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala When the thrift version is upgraded from 0.9.3 to 0.13, TServiceClient is throwing TApplicationException instead of TTransportException for a couple of tests in hive/ql. So TTransportException should be changed to TException which is more appropriate. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-23969) Table owner info not being passed during show tables in database.
Sai Hemanth Gantasala created HIVE-23969: Summary: Table owner info not being passed during show tables in database. Key: HIVE-23969 URL: https://issues.apache.org/jira/browse/HIVE-23969 Project: Hive Issue Type: Bug Components: Hive Reporter: Sai Hemanth Gantasala Assignee: Sai Hemanth Gantasala Attachments: Screen Shot 2020-07-31 at 10.55.51 AM.png, Screen Shot 2020-07-31 at 10.56.25 AM.png, Screen Shot 2020-07-31 at 10.56.51 AM.png Table owner information is not being passed in HiveMetaStore. As a result, even though a user is the owner of tables, without a ranger policy, the user is unable to view the tables created by the self. -- This message was sent by Atlassian Jira (v8.3.4#803005)