You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Sai Hemanth Gantasala (Jira)" <ji...@apache.org> on 2022/07/22 16:49:00 UTC
[jira] [Assigned] (HIVE-26422) Create table via spark-shell vs HS2 has discrepancy in authorization config policy
[ https://issues.apache.org/jira/browse/HIVE-26422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sai Hemanth Gantasala reassigned HIVE-26422:
--------------------------------------------
> Create table via spark-shell vs HS2 has discrepancy in authorization config policy
> ------------------------------------------------------------------------------------
>
> Key: HIVE-26422
> URL: https://issues.apache.org/jira/browse/HIVE-26422
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2, Standalone Metastore
> Affects Versions: 4.0.0
> Reporter: Sai Hemanth Gantasala
> Assignee: Sai Hemanth Gantasala
> Priority: Major
>
> Create table via spark-shell creates 4 privileges "INSERT,SELECT,UPDATE,DELETE" via table owner grants config whereas when we create an external table through hiveserver2 (using client like beeline) it doesn't create any owner privileges which is the desired condition.
> Note: In Hive's hive-site.xml, the following is set:
> hive.security.authorization.createtable.user.grants=''
> hive.security.authorization.createtable.group.grants=''
> hive.security.authorization.createtable.role.grants=''
> hive.security.authorization.createtable.owner.grants=''
> Also the setup is kerberized and uses ranger as an authorization service.
> So, when we create a table via spark-shell we shouldn't set hive.security.authorization.createtable.owner.grants in the code [https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java#L625] instead it should be picked using hive-site.xml. (which is already done in CreateTableAutomaticGrants class).
> The side effect of having table owner privileges set in the code, is that the TBL_PRIVS table in RDBMS is growing with every create table command.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)