You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Gao, Rui-Xian (JIRA)" <ji...@apache.org> on 2016/12/21 02:08:58 UTC
[jira] [Created] (TRAFODION-2409) support privilege control(column
privileges) for hive tables
Gao, Rui-Xian created TRAFODION-2409:
----------------------------------------
Summary: support privilege control(column privileges) for hive tables
Key: TRAFODION-2409
URL: https://issues.apache.org/jira/browse/TRAFODION-2409
Project: Apache Trafodion
Issue Type: Improvement
Components: sql-security
Reporter: Gao, Rui-Xian
Assignee: Roberta Marton
we need support column privileges for hive tables.
1. Currently, we have problem accessing hive native tables with users that is not trafodion --
1). create table from hive
2). connect with user1, select from hive table will get internal error
SQL>select * from hive.hive.mytest;
*** ERROR[1001] An internal error occurred in module ../sqlcomp/PrivMgrPrivileges.cpp on line 4149. DETAILS(objectUID is 0 for get privileges command). [2016-12-20 12:31:55]
*** ERROR[1034] Unable to obtain privileges [2016-12-20 12:31:55]
2. after creating external table for hive table, we can grant/revoke on hive tables, but don't support column privileges, a user will have privilege on all columns though only granted privileges on one column.
1). create table from hive
2). do 'update statistics' for hive table from trafodion
3). grant column privilge on the hive table to a user
4). the user still have privileges on all columns
User trafodion—
**********************************************************************************************
>>grant select(a) on hive.hive.inttab1 to qauser1;
--- SQL operation complete.
User qauser1 –
**********************************************************************************************
SQL>select * from hive.hive.inttab1; // qauser1 should not have select privilege on column b
--- 0 row(s) selected.
SQL>insert into hive.hive.inttab1 values(1,1);
*** ERROR[4481] The user does not have INSERT privilege on table or view HIVE.HIVE.INTTAB1. [2016-12-20 15:12:40]
User trafodion –
**********************************************************************************************
>>grant insert(a) on hive.hive.inttab1 to qauser1;
--- SQL operation complete.
User qauser1 –
**********************************************************************************************
SQL>insert into hive.hive.inttab1 values(2,2); // qauser1 only have privilege to insert data into column a, but can insert data into all columns.
--- 1 row(s) inserted.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)