[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=1397#comment-1397
]
Thejas M Nair commented on HIVE-2818:
-
I need to go through this some more. I haven't understood why the patch adds
operation to the Entity object. Was that needed to fix this issue, or do you
have other future use in mind ?
Can you please create a reviewboard link (with maybe just the java code
changes) ?
Create table should check privilege of target database, not default database
Key: HIVE-2818
URL: https://issues.apache.org/jira/browse/HIVE-2818
Project: Hive
Issue Type: Bug
Components: Authorization, Security
Affects Versions: 0.7.1
Reporter: Benyi Wang
Assignee: Navis
Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt,
HIVE-2818.3.patch.txt, HIVE-2818.4.patch.txt, HIVE-2818.5.patch.txt,
HIVE-2818.6.patch.txt
Hive seems check the current database to determine the privilege of a
statement when you use fully qualified name like 'database.table'
{code}
hive set hive.security.authorization.enabled=true;
hive create database test_db;
hive grant all on database test_db to user test_user;
hive revoke all on database default from test_user;
hive use default;
hive create table test_db.new_table (id int);
Authorization failed:No privilege 'Create' found for outputs {
database:default}. Use show grant to get more details.
hive use test_db;
hive create table test_db.new_table (id int);
{code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13900018#comment-13900018
]
Navis commented on HIVE-2818:
-
Some operation induces other operation. For example, import operation creates
table if the table is not exists. In this case, we cannot authorize the induces
operation(create table:CREATE for DATABASE) with original
operation(import:ALTER_METADATA and ALTER_DATA for TABLE).
It's once checked in Driver (if operation == IMPORT than iterate tasks.. find
CREATE.. authorize for that, etc.). But I thought this is far easier than that.
Intended to add review board link when the test passed. Considering It's
rebased from totally different version, which is based on hive-0.11+200patches,
you might understand my reluctancy.
Create table should check privilege of target database, not default database
Key: HIVE-2818
URL: https://issues.apache.org/jira/browse/HIVE-2818
Project: Hive
Issue Type: Bug
Components: Authorization, Security
Affects Versions: 0.7.1
Reporter: Benyi Wang
Assignee: Navis
Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt,
HIVE-2818.3.patch.txt, HIVE-2818.4.patch.txt, HIVE-2818.5.patch.txt,
HIVE-2818.6.patch.txt
Hive seems check the current database to determine the privilege of a
statement when you use fully qualified name like 'database.table'
{code}
hive set hive.security.authorization.enabled=true;
hive create database test_db;
hive grant all on database test_db to user test_user;
hive revoke all on database default from test_user;
hive use default;
hive create table test_db.new_table (id int);
Authorization failed:No privilege 'Create' found for outputs {
database:default}. Use show grant to get more details.
hive use test_db;
hive create table test_db.new_table (id int);
{code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13900087#comment-13900087
]
Hive QA commented on HIVE-2818:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12628384/HIVE-2818.6.patch.txt
{color:red}ERROR:{color} -1 due to 22 failed/errored test(s), 5075 tests
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_authorization_revoke_table_priv
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_binarysortable_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_escape1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_escape2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_load_binary_data
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_nullformatCTAS
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_show_create_table_serde
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_auto_sortmerge_join_16
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_external_table_with_space_in_location_path
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_file_with_header_footer
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_import_exported_table
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_quotedid_smb
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_root_dir_external_table
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_schemeAuthority2
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_stats_counter_partitioned
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_insert_into1
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_insert_into2
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_insert_into3
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_insert_into4
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_lockneg_try_drop_locked_db
org.apache.hadoop.hive.common.type.TestDecimal128.testHighPrecisionDecimal128Multiply
org.apache.hive.jdbc.TestJdbcWithMiniHS2.testURIDatabaseName
{noformat}
Test results:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1299/testReport
Console output:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1299/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 22 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12628384
Create table should check privilege of target database, not default database
Key: HIVE-2818
URL: https://issues.apache.org/jira/browse/HIVE-2818
Project: Hive
Issue Type: Bug
Components: Authorization, Security
Affects Versions: 0.7.1
Reporter: Benyi Wang
Assignee: Navis
Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt,
HIVE-2818.3.patch.txt, HIVE-2818.4.patch.txt, HIVE-2818.5.patch.txt,
HIVE-2818.6.patch.txt
Hive seems check the current database to determine the privilege of a
statement when you use fully qualified name like 'database.table'
{code}
hive set hive.security.authorization.enabled=true;
hive create database test_db;
hive grant all on database test_db to user test_user;
hive revoke all on database default from test_user;
hive use default;
hive create table test_db.new_table (id int);
Authorization failed:No privilege 'Create' found for outputs {
database:default}. Use show grant to get more details.
hive use test_db;
hive create table test_db.new_table (id int);
{code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13895841#comment-13895841
]
Navis commented on HIVE-2818:
-
Differences of outputs are mostly from adding database to Read/WriteEntity for
authorization. I'll update this in tomorrow.
Create table should check privilege of target database, not default database
Key: HIVE-2818
URL: https://issues.apache.org/jira/browse/HIVE-2818
Project: Hive
Issue Type: Bug
Components: Authorization, Security
Affects Versions: 0.7.1
Reporter: Benyi Wang
Assignee: Navis
Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt,
HIVE-2818.3.patch.txt, HIVE-2818.4.patch.txt
Hive seems check the current database to determine the privilege of a
statement when you use fully qualified name like 'database.table'
{code}
hive set hive.security.authorization.enabled=true;
hive create database test_db;
hive grant all on database test_db to user test_user;
hive revoke all on database default from test_user;
hive use default;
hive create table test_db.new_table (id int);
Authorization failed:No privilege 'Create' found for outputs {
database:default}. Use show grant to get more details.
hive use test_db;
hive create table test_db.new_table (id int);
{code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13894319#comment-13894319
]
Thejas M Nair commented on HIVE-2818:
-
I am sorry, forgot to look at this patch.
I took a quick look now, it contains a lot of changes. Are all of those related
to this issue ? Can you please rebase and create a reviewboard link ?
Create table should check privilege of target database, not default database
Key: HIVE-2818
URL: https://issues.apache.org/jira/browse/HIVE-2818
Project: Hive
Issue Type: Bug
Components: Authorization, Security
Affects Versions: 0.7.1
Reporter: Benyi Wang
Assignee: Navis
Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt,
HIVE-2818.3.patch.txt, HIVE-2818.4.patch.txt
Hive seems check the current database to determine the privilege of a
statement when you use fully qualified name like 'database.table'
{code}
hive set hive.security.authorization.enabled=true;
hive create database test_db;
hive grant all on database test_db to user test_user;
hive revoke all on database default from test_user;
hive use default;
hive create table test_db.new_table (id int);
Authorization failed:No privilege 'Create' found for outputs {
database:default}. Use show grant to get more details.
hive use test_db;
hive create table test_db.new_table (id int);
{code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13867024#comment-13867024
]
Hive QA commented on HIVE-2818:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12622142/HIVE-2818.3.patch.txt
{color:red}ERROR:{color} -1 due to 152 failed/errored test(s), 4891 tests
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_add_part_multiple
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_char1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_char2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_varchar1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_varchar2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_filter
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_groupby
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_join
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_limit
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_part
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_select
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_table
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_union
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_archive_excludeHadoop20
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_authorization_8
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_join32
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_join_reordering_values
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_sortmerge_join_13
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_sortmerge_join_14
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_sortmerge_join_15
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_avro_partitioned
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ba_table_udfs
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_binarysortable_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_3
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_4
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_5
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_6
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_7
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_8
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_join1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_nested_types
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_serde
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_udf1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_union1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_varchar_udf
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer11
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer13
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer4
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer5
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer9
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_create_view_translate
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ctas_char
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ctas_date
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ctas_varchar
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_3
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_4
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_join1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_serde
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_udf
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_decimal_5
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_decimal_6
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_decimal_join
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_disallow_incompatible_type_change_off
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_drop_with_concurrency
[jira] [Commented] (HIVE-2818) Create table should check privilege of target database, not default database
[
https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13848995#comment-13848995
]
Hive QA commented on HIVE-2818:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12618858/HIVE-2818.2.patch.txt
{color:red}ERROR:{color} -1 due to 195 failed/errored test(s), 4774 tests
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_add_part_multiple
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_char1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_char2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_rename_partition_authorization
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_varchar1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_alter_varchar2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_filter
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_groupby
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_join
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_limit
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_part
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_select
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_table
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_union
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_archive_excludeHadoop20
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_authorization_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_authorization_6
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_authorization_8
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_join32
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_join_reordering_values
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_sortmerge_join_13
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_sortmerge_join_14
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_auto_sortmerge_join_15
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_avro_partitioned
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ba_table_udfs
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_binarysortable_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_3
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_4
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_5
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_6
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_7
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucketsortoptimize_insert_8
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_join1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_nested_types
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_serde
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_udf1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_char_union1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer11
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer13
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer4
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer5
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_correlationoptimizer9
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_create_view_translate
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ctas_char
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ctas_date
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_ctas_varchar
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_2
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_3
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_4
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_join1
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_serde
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_date_udf
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_decimal_5
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_decimal_6
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_decimal_join
