You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Pengcheng Xiong (JIRA)" <ji...@apache.org> on 2016/03/03 00:01:18 UTC

[jira] [Created] (HIVE-13198) Authorization issues with cascading views

Pengcheng Xiong created HIVE-13198:
--------------------------------------

             Summary: Authorization issues with cascading views
                 Key: HIVE-13198
                 URL: https://issues.apache.org/jira/browse/HIVE-13198
             Project: Hive
          Issue Type: Sub-task
            Reporter: Pengcheng Xiong
            Assignee: Pengcheng Xiong


Here is a use case. They have a base table t1, from which they create a view v1. They further create a view v2 from v1 by applying a filter. User has access to only view v2, not view v1 or table t1. When user tries to access v2, they are denied access. 

Steps to recreate:
There is a base table t1 that exists in the default database with primary key id and some employee data (name, ssn etc)
Create view v1 - “create view v1 as select * from default.t1;”
Created v2 - “create view v2 as select * from v1 where id =1;”

Permissions provided for user to select all columns from view v2. When user runs select * from v2, hive throws an error “user does not have permissions to select view v1".

Apparently Hive is converting the query to underlying views.
SELECT * FROM v2 LIMIT 100
To
select `v1`.`id`, `v1`.`name`, `v1`.`ssn`, `v1`.`join_date`, `v1`.`location` from `hr`.`v1` where `v1`.`id`=1

Hive should only check for permissions for the view being run in the query, not any parent views. (This is consistent with ORACLE).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)