You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Sai Hemanth Gantasala (Jira)" <ji...@apache.org> on 2022/12/01 00:04:00 UTC
[jira] [Updated] (HIVE-26799) Make authorizations on custom UDFs involved in tables/view configurable.
[ https://issues.apache.org/jira/browse/HIVE-26799?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sai Hemanth Gantasala updated HIVE-26799:
-----------------------------------------
Description:
When Hive is using Ranger/Sentry as an authorization service, consider the following scenario.
{code:java}
> create table test_udf(st string); // privileged user operation
> create function Udf_UPPER as 'openkb.hive.udf.MyUpper' using jar 'hdfs:///tmp/MyUpperUDF-1.0.0.jar'; // privileged user operation
> create view v1_udf as select udf_upper(st) from test_udf; // privileged user operation
//unprivileged user test_user is given select permissions on view v1_udf
> select * from v1_udf; {code}
It is expected that test_user needs to have select privilege on v1_udf and select permissions on udf_upper custom UDF in order to do a select query on view.
This patch introduces a configuration "hive.security.authorization.functions.in.view"=false which disables authorization on views associated with views/tables during the select query. In this mode, only UDFs explicitly stated in the query would still be authorized as it is currently.
The reason for making these custom UDFs associated with view/tables authorizable is that currently, test_user will need to be granted select permissions on the custom udf. and the test_user can use this UDF and query against any other table, which is a security concern.
was:
When Hive is using Ranger/Sentry as an authorization service, consider the following scenario.
{code:java}
> create table test_udf(st string); // privileged user operation
> create function Udf_UPPER as 'openkb.hive.udf.MyUpper' using jar 'hdfs:///tmp/MyUpperUDF-1.0.0.jar'; // privileged user operation
> create view v1_udf as select udf_upper(st) from test_udf; // privileged user operation
//unprivileged user test_user is given select permissions on view v1_udf
> select * from v1_udf; {code}
It is expected that test_user needs to have select privilege on v1_udf and select permissions on udf_upper custom UDF in order to do a select query on view.
This patch introduces a configuration "hive.security.authorization.functions.in.view"=false which disables authorization on views associated with views/tables during the select query. In this mode, only UDFs explicitly stated in the query would still be authorized as it is currently.
The reason for making these custom UDFs associated with view/tables authorizable is that currently, test_user will need to be granted select permissions on the custom udf. and the test_user can use this UDF and query against any other table, which is a security concern.
> Make authorizations on custom UDFs involved in tables/view configurable.
> ------------------------------------------------------------------------
>
> Key: HIVE-26799
> URL: https://issues.apache.org/jira/browse/HIVE-26799
> Project: Hive
> Issue Type: New Feature
> Components: HiveServer2, Security
> Affects Versions: 4.0.0-alpha-2
> Reporter: Sai Hemanth Gantasala
> Assignee: Sai Hemanth Gantasala
> Priority: Major
>
> When Hive is using Ranger/Sentry as an authorization service, consider the following scenario.
> {code:java}
> > create table test_udf(st string); // privileged user operation
> > create function Udf_UPPER as 'openkb.hive.udf.MyUpper' using jar 'hdfs:///tmp/MyUpperUDF-1.0.0.jar'; // privileged user operation
> > create view v1_udf as select udf_upper(st) from test_udf; // privileged user operation
> //unprivileged user test_user is given select permissions on view v1_udf
> > select * from v1_udf; {code}
> It is expected that test_user needs to have select privilege on v1_udf and select permissions on udf_upper custom UDF in order to do a select query on view.
> This patch introduces a configuration "hive.security.authorization.functions.in.view"=false which disables authorization on views associated with views/tables during the select query. In this mode, only UDFs explicitly stated in the query would still be authorized as it is currently.
> The reason for making these custom UDFs associated with view/tables authorizable is that currently, test_user will need to be granted select permissions on the custom udf. and the test_user can use this UDF and query against any other table, which is a security concern.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)