You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "John Sherman (Jira)" <ji...@apache.org> on 2022/03/15 16:50:00 UTC

[jira] [Created] (HIVE-26038) Respect Owner privileges in all paths in AuthorizationMetaStoreFilterHook

John Sherman created HIVE-26038:
-----------------------------------

             Summary: Respect Owner privileges in all paths in AuthorizationMetaStoreFilterHook
                 Key: HIVE-26038
                 URL: https://issues.apache.org/jira/browse/HIVE-26038
             Project: Hive
          Issue Type: Improvement
          Components: Metastore
            Reporter: John Sherman


Currently there are some paths in AuthorizationMetaStoreFilterHook that do not provide object ownership information to the authorization plugin. Specifically - any method using filterDatabases or filterTableNames will not include object ownership in the privilege request. This is problematic when an application using Hive uses these code paths together:
Example:
Applications creates a table, inserts into, selects from it through HS2. Explicit privilege is never given to the table in the authorization provider - it is relying on the fact that the user is owner of the table. (The user has CREATE privilege on the DB in question to be able to CREATE the table).

Application then uses:
service/src/java/org/apache/hive/service/cli/operation/GetTablesOperation.java
to get a list of tables. Which in turn calls metastoreClient.getTableMeta - which ends up using filterTableNames to remove table entries that the user is not authorized to see. But filterTableNames does not provide table ownership information to the authorization framework so the framework will filter out tables user actually has ownership of.

There are two methods here:
{code:java}
public List<String> filterTableNames(String catName, String dbName, List<String> tableList){code}
vs
{code:java}
public List<Table> filterTables(List<Table> tableList) throws MetaException{code}
First one only takes in a list of strings and would be impossible to provide proper ownership information (without additional HMS calls) - we should remove this method and modify all code paths to use filterTables. This would involve some plumbing and adding additional information to various HMS responses to include ownership information.

The same problem exists for the database code paths.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)