Re: Review Request 69254: HIVE-20818: Views created with a WHERE subquery will regard views referenced in the subquery as direct input

2018-11-19 Thread Karen Coppage via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69254/
---

(Updated Nov. 19, 2018, 3:12 p.m.)


Review request for hive.


Changes
---

HIVE-20818.6.patch -- passed Ptests


Bugs: HIVE-20818
https://issues.apache.org/jira/browse/HIVE-20818


Repository: hive-git


Description
---

If Hive is configured with an authorization hook like Sentry, and a view is 
created with a WHERE clause referencing a different view' user has no access 
to, user cannot access the view as view' is considered direct input.
WHERE IN and WHERE EXISTS cause the same issue.
Cascading views created with no WHERE clauses (i.e. with simple SELECTs and 
FROM clauses) work fine.

See Jira for example


Diffs (updated)
-

  ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java b3c6806217 
  ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java 1a2777bf45 
  ql/src/test/org/apache/hadoop/hive/ql/plan/TestViewEntity.java 6ad38b8467 
  ql/src/test/results/clientpositive/llap/explainuser_1.q.out c86450aae2 
  ql/src/test/results/clientpositive/masking_12.q.out 9ecd981797 
  ql/src/test/results/clientpositive/spark/spark_explainuser_1.q.out 1f681944cd 
  ql/src/test/results/clientpositive/spark/subquery_views.q.out c221392264 


Diff: https://reviews.apache.org/r/69254/diff/3/

Changes: https://reviews.apache.org/r/69254/diff/2-3/


Testing
---

Added unit test


Thanks,

Karen Coppage

Re: Review Request 69254: HIVE-20818: Views created with a WHERE subquery will regard views referenced in the subquery as direct input

2018-11-07 Thread Karen Coppage via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69254/
---

(Updated Nov. 7, 2018, 8:56 a.m.)


Review request for hive.


Bugs: HIVE-20818
https://issues.apache.org/jira/browse/HIVE-20818


Repository: hive-git


Description
---

If Hive is configured with an authorization hook like Sentry, and a view is 
created with a WHERE clause referencing a different view' user has no access 
to, user cannot access the view as view' is considered direct input.
WHERE IN and WHERE EXISTS cause the same issue.
Cascading views created with no WHERE clauses (i.e. with simple SELECTs and 
FROM clauses) work fine.

See Jira for example


Diffs (updated)
-

  ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java ab63ce2bc3 
  ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java 1a2777bf45 
  ql/src/test/org/apache/hadoop/hive/ql/plan/TestViewEntity.java 6ad38b8467 


Diff: https://reviews.apache.org/r/69254/diff/2/

Changes: https://reviews.apache.org/r/69254/diff/1-2/


Testing
---

Added unit test


Thanks,

Karen Coppage

Re: Review Request 69254: HIVE-20818: Views created with a WHERE subquery will regard views referenced in the subquery as direct input

2018-11-06 Thread Karen Coppage via Review Board 


> On Nov. 5, 2018, 8:41 p.m., Peter Vary wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java
> > Lines 3321 (patched)
> > 
> >
> > Is the problem only affects CBO, or RBO as well?
> > What happens when CBO is off?

Great question, this version ignores RBO. Fix is coming in new patch.


- Karen


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69254/#review210334
---


On Nov. 5, 2018, 3:14 p.m., Karen Coppage wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69254/
> ---
> 
> (Updated Nov. 5, 2018, 3:14 p.m.)
> 
> 
> Review request for hive.
> 
> 
> Bugs: HIVE-20818
> https://issues.apache.org/jira/browse/HIVE-20818
> 
> 
> Repository: hive-git
> 
> 
> Description
> ---
> 
> If Hive is configured with an authorization hook like Sentry, and a view is 
> created with a WHERE clause referencing a different view' user has no access 
> to, user cannot access the view as view' is considered direct input.
> WHERE IN and WHERE EXISTS cause the same issue.
> Cascading views created with no WHERE clauses (i.e. with simple SELECTs and 
> FROM clauses) work fine.
> 
> See Jira for example
> 
> 
> Diffs
> -
> 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java ab63ce2bc3 
>   ql/src/test/org/apache/hadoop/hive/ql/plan/TestViewEntity.java 6ad38b8467 
> 
> 
> Diff: https://reviews.apache.org/r/69254/diff/1/
> 
> 
> Testing
> ---
> 
> Added unit test
> 
> 
> Thanks,
> 
> Karen Coppage
> 
>

Re: Review Request 69254: HIVE-20818: Views created with a WHERE subquery will regard views referenced in the subquery as direct input

2018-11-05 Thread Peter Vary via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69254/#review210334
---



Just one question.
Thanks,
Peter


ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java
Lines 3321 (patched)


Is the problem only affects CBO, or RBO as well?
What happens when CBO is off?



ql/src/test/org/apache/hadoop/hive/ql/plan/TestViewEntity.java
Lines 198 (patched)


Please remove extra spaces..


- Peter Vary


On nov. 5, 2018, 3:14 du, Karen Coppage wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69254/
> ---
> 
> (Updated nov. 5, 2018, 3:14 du)
> 
> 
> Review request for hive.
> 
> 
> Bugs: HIVE-20818
> https://issues.apache.org/jira/browse/HIVE-20818
> 
> 
> Repository: hive-git
> 
> 
> Description
> ---
> 
> If Hive is configured with an authorization hook like Sentry, and a view is 
> created with a WHERE clause referencing a different view' user has no access 
> to, user cannot access the view as view' is considered direct input.
> WHERE IN and WHERE EXISTS cause the same issue.
> Cascading views created with no WHERE clauses (i.e. with simple SELECTs and 
> FROM clauses) work fine.
> 
> See Jira for example
> 
> 
> Diffs
> -
> 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java ab63ce2bc3 
>   ql/src/test/org/apache/hadoop/hive/ql/plan/TestViewEntity.java 6ad38b8467 
> 
> 
> Diff: https://reviews.apache.org/r/69254/diff/1/
> 
> 
> Testing
> ---
> 
> Added unit test
> 
> 
> Thanks,
> 
> Karen Coppage
> 
>

Review Request 69254: HIVE-20818: Views created with a WHERE subquery will regard views referenced in the subquery as direct input

2018-11-05 Thread Karen Coppage via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69254/
---

Review request for hive.


Bugs: HIVE-20818
https://issues.apache.org/jira/browse/HIVE-20818


Repository: hive-git


Description
---

If Hive is configured with an authorization hook like Sentry, and a view is 
created with a WHERE clause referencing a different view' user has no access 
to, user cannot access the view as view' is considered direct input.
WHERE IN and WHERE EXISTS cause the same issue.
Cascading views created with no WHERE clauses (i.e. with simple SELECTs and 
FROM clauses) work fine.

See Jira for example


Diffs
-

  ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java ab63ce2bc3 
  ql/src/test/org/apache/hadoop/hive/ql/plan/TestViewEntity.java 6ad38b8467 


Diff: https://reviews.apache.org/r/69254/diff/1/


Testing
---

Added unit test


Thanks,

Karen Coppage