You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Janus Chow (Jira)" <ji...@apache.org> on 2021/05/28 07:03:00 UTC

[jira] [Created] (HIVE-25174) HiveMetastoreAuthorizer didn't check URI permission for AlterTableEvent

Janus Chow created HIVE-25174:
---------------------------------

             Summary: HiveMetastoreAuthorizer didn't check URI permission for AlterTableEvent
                 Key: HIVE-25174
                 URL: https://issues.apache.org/jira/browse/HIVE-25174
             Project: Hive
          Issue Type: Improvement
            Reporter: Janus Chow


When Using Ranger on Hive MetaStore, we met an issue that users without permission to table's HDFS path succeeded in running "msck repair table TABLENAME".

This command is not authorized when we use `StorageBasedAuthorizer`, after checking the code, we found `StorageBasedAuthorizer` would check the permission of table's HDFS path, while `HiveMetastoreAuthorizer` used by Ranger won't when dealing with the event of `AlterTableEvent`.

This ticket is to add the URI permission check on AlterTableEvent for `HiveMetastoreAuthorizer`.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)