You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by Navis Ryu <na...@nexr.com> on 2014/12/09 08:52:41 UTC

Re: Review Request 15855: Check DATABASES/TABLE privilege for metastore authorizer


> On May 24, 2014, 1:17 a.m., Ashutosh Chauhan wrote:
> > metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java, line 830
> > <https://reviews.apache.org/r/15855/diff/1/?file=391130#file391130line830>
> >
> >     Technically, its a post event since event = ObjectStore call already happened on previous line.

Yes, technically it is post event. But if the result is not delivered to client, can we regard that as pre-event? It whould be meaningless to authorize without databases/tables to be used. Should we introduce post-event listeners?


> On May 24, 2014, 1:17 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java, line 246
> > <https://reviews.apache.org/r/15855/diff/1/?file=391134#file391134line246>
> >
> >     If user is not authorized for show databases, than authorization exception should be thrown instead of not showing that database.

If it's some real access(read or write) to the database or table, it's definitely right to throw exception (in that action). But this is just for showing/listing legitimated databases/tables for the user. Isn't it?


- Navis


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15855/#review43888
-----------------------------------------------------------


On Nov. 26, 2013, 8:49 a.m., Navis Ryu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15855/
> -----------------------------------------------------------
> 
> (Updated Nov. 26, 2013, 8:49 a.m.)
> 
> 
> Review request for hive.
> 
> 
> Bugs: HIVE-5890
>     https://issues.apache.org/jira/browse/HIVE-5890
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> Commands like "show database" are not checked in metastore event listener.
> 
> 
> Diffs
> -----
> 
>   metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 01c2626 
>   metastore/src/java/org/apache/hadoop/hive/metastore/events/PreEventContext.java 5021a73 
>   metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetDatabasesEvent.java PRE-CREATION 
>   metastore/src/java/org/apache/hadoop/hive/metastore/events/PreGetTablesEvent.java PRE-CREATION 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationPreEventListener.java 9a90549 
> 
> Diff: https://reviews.apache.org/r/15855/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Navis Ryu
> 
>