You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Gao, Rui-Xian (JIRA)" <ji...@apache.org> on 2016/12/28 06:36:58 UTC
[jira] [Commented] (TRAFODION-2409) support privilege
control(column privileges) for hive tables
[ https://issues.apache.org/jira/browse/TRAFODION-2409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15782218#comment-15782218 ]
Gao, Rui-Xian commented on TRAFODION-2409:
------------------------------------------
Another issue is, any user can do update statistics for a hive table --
1. create table in hive :
create external table ext_t1(a int);
2. logon trafci with user1, select from hive.hive.ext_t1 will get internal error as described above, but the user can do 'update statistics' for the hive table.
connect user1/******;
SQL>update statistics for table hive.qa_db_1.traf_ext_t1 on every column;
--- SQL operation complete.
Expect result is ERROR[4481], the user cannot do 'update statistics' since he/she doesn't have select privileges on the table.
> support privilege control(column privileges) for hive tables
> ------------------------------------------------------------
>
> Key: TRAFODION-2409
> URL: https://issues.apache.org/jira/browse/TRAFODION-2409
> Project: Apache Trafodion
> Issue Type: Improvement
> Components: sql-security
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
>
> we need support column privileges for hive tables.
> 1. Currently, we have problem accessing hive native tables with users that is not trafodion --
> 1). create table from hive
> 2). connect with user1, select from hive table will get internal error
> SQL>select * from hive.hive.mytest;
> *** ERROR[1001] An internal error occurred in module ../sqlcomp/PrivMgrPrivileges.cpp on line 4149. DETAILS(objectUID is 0 for get privileges command). [2016-12-20 12:31:55]
> *** ERROR[1034] Unable to obtain privileges [2016-12-20 12:31:55]
> 2. after creating external table for hive table, we can grant/revoke on hive tables, but don't support column privileges, a user will have privilege on all columns though only granted privileges on one column.
> 1). create table from hive
> 2). do 'update statistics' for hive table from trafodion
> 3). grant column privilge on the hive table to a user
> 4). the user still have privileges on all columns
> User trafodion—
> **********************************************************************************************
> >>grant select(a) on hive.hive.inttab1 to qauser1;
> --- SQL operation complete.
> User qauser1 –
> **********************************************************************************************
> SQL>select * from hive.hive.inttab1; // qauser1 should not have select privilege on column b
> --- 0 row(s) selected.
> SQL>insert into hive.hive.inttab1 values(1,1);
> *** ERROR[4481] The user does not have INSERT privilege on table or view HIVE.HIVE.INTTAB1. [2016-12-20 15:12:40]
> User trafodion –
> **********************************************************************************************
> >>grant insert(a) on hive.hive.inttab1 to qauser1;
> --- SQL operation complete.
> User qauser1 –
> **********************************************************************************************
> SQL>insert into hive.hive.inttab1 values(2,2); // qauser1 only have privilege to insert data into column a, but can insert data into all columns.
> --- 1 row(s) inserted.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)