[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[ https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ashutosh Chauhan updated HIVE-2817: --- Resolution: Fixed Fix Version/s: 0.13.0 Status: Resolved (was: Patch Available) Fixed via HIVE-2818 Feel free to reopen if you can still repro. Drop any table even without privilege - Key: HIVE-2817 URL: https://issues.apache.org/jira/browse/HIVE-2817 Project: Hive Issue Type: Bug Affects Versions: 0.7.1, 0.8.0, 0.9.0, 0.10.0 Reporter: Benyi Wang Assignee: Chun Chen Fix For: 0.13.0 Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. {code} hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds {code} The table and the file in {{/usr/hive/warehouse}} or external file will be deleted. If you don't have hadoop access permission on {{/usr/hive/warehouse}} or external files, you will see a hadoop access error {code} 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) {code} -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[ https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Owen O'Malley updated HIVE-2817: Fix Version/s: (was: 0.11.0) Drop any table even without privilege - Key: HIVE-2817 URL: https://issues.apache.org/jira/browse/HIVE-2817 Project: Hive Issue Type: Bug Affects Versions: 0.7.1, 0.8.0, 0.9.0, 0.10.0 Reporter: Benyi Wang Assignee: Chen Chun Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. {code} hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds {code} The table and the file in {{/usr/hive/warehouse}} or external file will be deleted. If you don't have hadoop access permission on {{/usr/hive/warehouse}} or external files, you will see a hadoop access error {code} 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[ https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Phabricator updated HIVE-2817: -- Attachment: HIVE-2817.D10563.1.patch chenchun requested code review of HIVE-2817 [jira] Drop any table even without privilege. Reviewers: JIRA HIVE-2817 You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds The table and the file in /usr/hive/warehouse or external file will be deleted. If you don't have hadoop access permission on /usr/hive/warehouse or external files, you will see a hadoop access error 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) TEST PLAN EMPTY REVISION DETAIL https://reviews.facebook.net/D10563 AFFECTED FILES ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java ql/src/test/queries/clientnegative/authorization_fail_8.q ql/src/test/results/clientnegative/authorization_fail_8.q.out MANAGE HERALD RULES https://reviews.facebook.net/herald/view/differential/ WHY DID I GET THIS EMAIL? https://reviews.facebook.net/herald/transcript/25287/ To: JIRA, chenchun Drop any table even without privilege - Key: HIVE-2817 URL: https://issues.apache.org/jira/browse/HIVE-2817 Project: Hive Issue Type: Bug Affects Versions: 0.7.1 Reporter: Benyi Wang Assignee: Chen Chun Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. {code} hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds {code} The table and the file in {{/usr/hive/warehouse}} or external file will be deleted. If you don't have hadoop access permission on {{/usr/hive/warehouse}} or external files, you will see a hadoop access error {code} 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[ https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chen Chun updated HIVE-2817: Fix Version/s: 0.11.0 Affects Version/s: 0.8.0 0.9.0 0.10.0 Release Note: Fix bug drop any table even without privilege Hadoop Flags: Incompatible change Status: Patch Available (was: Open) Drop any table even without privilege - Key: HIVE-2817 URL: https://issues.apache.org/jira/browse/HIVE-2817 Project: Hive Issue Type: Bug Affects Versions: 0.10.0, 0.9.0, 0.8.0, 0.7.1 Reporter: Benyi Wang Assignee: Chen Chun Fix For: 0.11.0 Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. {code} hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds {code} The table and the file in {{/usr/hive/warehouse}} or external file will be deleted. If you don't have hadoop access permission on {{/usr/hive/warehouse}} or external files, you will see a hadoop access error {code} 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[ https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Phabricator updated HIVE-2817: -- Attachment: HIVE-2817.D10371.1.patch chenchun requested code review of HIVE-2817 [jira] Drop any table even without privilege. Reviewers: JIRA HIVE-2817 Drop any table even without privilege You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds The table and the file in /usr/hive/warehouse or external file will be deleted. If you don't have hadoop access permission on /usr/hive/warehouse or external files, you will see a hadoop access error 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) TEST PLAN EMPTY REVISION DETAIL https://reviews.facebook.net/D10371 AFFECTED FILES ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java ql/src/test/queries/clientnegative/authorization_fail_8.q ql/src/test/queries/clientpositive/authorization_8.q ql/src/test/results/clientnegative/authorization_fail_8.q.out ql/src/test/results/clientpositive/authorization_8.q.out MANAGE HERALD RULES https://reviews.facebook.net/herald/view/differential/ WHY DID I GET THIS EMAIL? https://reviews.facebook.net/herald/transcript/24831/ To: JIRA, chenchun Drop any table even without privilege - Key: HIVE-2817 URL: https://issues.apache.org/jira/browse/HIVE-2817 Project: Hive Issue Type: Bug Affects Versions: 0.7.1 Reporter: Benyi Wang Attachments: HIVE-2817.D10371.1.patch You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige. {code} hive set hive.security.authorization.enabled=true; hive revoke all on default from user test_user; hive drop table abc; hive drop table abc; Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details. hive drop table default.abc; OK Time taken: 0.13 seconds {code} The table and the file in {{/usr/hive/warehouse}} or external file will be deleted. If you don't have hadoop access permission on {{/usr/hive/warehouse}} or external files, you will see a hadoop access error {code} 12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira