You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/05/09 10:16:00 UTC

[jira] [Work logged] (HIVE-27195) Drop table if Exists . fails during authorization for temporary tables

     [ https://issues.apache.org/jira/browse/HIVE-27195?focusedWorklogId=861172&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-861172 ]

ASF GitHub Bot logged work on HIVE-27195:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/May/23 10:15
            Start Date: 09/May/23 10:15
    Worklog Time Spent: 10m 
      Work Description: rtrivedi12 opened a new pull request, #4304:
URL: https://github.com/apache/hive/pull/4304

   …uthorization for temporary tables
   
   This change includes authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization.
   
   ### What changes were proposed in this pull request?
   Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges.
   
   
   ### Why are the changes needed?
   To prevent unauthorized users from dropping temp tables from any database
   
   ### Does this PR introduce _any_ user-facing change?
   No
   
   
   ### How was this patch tested?
   Manually
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 861172)
    Remaining Estimate: 0h
            Time Spent: 10m

> Drop table if Exists <database>.<tablename> fails during authorization for temporary tables
> -------------------------------------------------------------------------------------------
>
>                 Key: HIVE-27195
>                 URL: https://issues.apache.org/jira/browse/HIVE-27195
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Riju Trivedi
>            Assignee: Riju Trivedi
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> https://issues.apache.org/jira/browse/HIVE-20051 handles skipping authorization for temporary tables. But still, the drop table if Exists fails with  HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=40000) {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)