You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Janus Chow (Jira)" <ji...@apache.org> on 2021/05/28 07:03:00 UTC
[jira] [Created] (HIVE-25174) HiveMetastoreAuthorizer didn't check
URI permission for AlterTableEvent
Janus Chow created HIVE-25174:
---------------------------------
Summary: HiveMetastoreAuthorizer didn't check URI permission for AlterTableEvent
Key: HIVE-25174
URL: https://issues.apache.org/jira/browse/HIVE-25174
Project: Hive
Issue Type: Improvement
Reporter: Janus Chow
When Using Ranger on Hive MetaStore, we met an issue that users without permission to table's HDFS path succeeded in running "msck repair table TABLENAME".
This command is not authorized when we use `StorageBasedAuthorizer`, after checking the code, we found `StorageBasedAuthorizer` would check the permission of table's HDFS path, while `HiveMetastoreAuthorizer` used by Ranger won't when dealing with the event of `AlterTableEvent`.
This ticket is to add the URI permission check on AlterTableEvent for `HiveMetastoreAuthorizer`.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)