Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/09/21 00:29:00 UTC

[jira] [Work logged] (HIVE-26422) Create table via spark-shell vs HS2 has discrepancy in authorization config policy

     [ https://issues.apache.org/jira/browse/HIVE-26422?focusedWorklogId=810550&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-810550 ]

ASF GitHub Bot logged work on HIVE-26422:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 21/Sep/22 00:28
            Start Date: 21/Sep/22 00:28
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on PR #3471:
URL: https://github.com/apache/hive/pull/3471#issuecomment-1253049381

   This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
   Feel free to reach out on the dev@hive.apache.org list if the patch is in need of reviews.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 810550)
    Time Spent: 20m  (was: 10m)

> Create table via spark-shell vs HS2 has discrepancy in authorization config policy  
> ------------------------------------------------------------------------------------
>
>                 Key: HIVE-26422
>                 URL: https://issues.apache.org/jira/browse/HIVE-26422
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Standalone Metastore
>    Affects Versions: 4.0.0
>            Reporter: Sai Hemanth Gantasala
>            Assignee: Sai Hemanth Gantasala
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Create table via spark-shell creates 4 privileges "INSERT,SELECT,UPDATE,DELETE" via the table owner grants config, whereas when we create an external table through hiveserver2 (using a client like beeline) it doesn't create any owner privileges, which is the desired condition.
> Note: In Hive's hive-site.xml, the following is set:
> hive.security.authorization.createtable.user.grants=''
> hive.security.authorization.createtable.group.grants=''
> hive.security.authorization.createtable.role.grants=''
> hive.security.authorization.createtable.owner.grants='' 
> Also, the setup is kerberized and uses Ranger as an authorization service.
> So, when we create a table via spark-shell we shouldn't set hive.security.authorization.createtable.owner.grants in the code [https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java#L625]; instead it should be picked using hive-site.xml (which is already done in the CreateTableAutomaticGrants class).
> The side effect of having table owner privileges set in the code is that the TBL_PRIVS table in the RDBMS is growing with every create table command.


