You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by rm...@apache.org on 2021/09/25 17:24:17 UTC

[ranger] branch master updated: RANGER-3445:Fix regression in HiveAuthorizer in handling Handle authorization of Hive Drop database / table if exists

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 5877f32  RANGER-3445:Fix regression in HiveAuthorizer in handling Handle authorization of Hive Drop database / table if exists
5877f32 is described below

commit 5877f3281ffafc6a32036907ef01db4add7d762d
Author: Ramesh Mani <rm...@cloudera.com>
AuthorDate: Fri Sep 24 23:06:05 2021 -0700

    RANGER-3445:Fix regression in HiveAuthorizer in handling Handle authorization of Hive Drop database / table if exists
    
    Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
 .../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 42837cd..2ae9379 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -995,8 +995,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 				}
 			}
 
-			if (CollectionUtils.isEmpty(inputHObjs) && CollectionUtils.isEmpty(outputHObjs) && !IsCommandInExceptionList(hiveOpType)
-					&& (hiveOpType.equals(HiveOperationType.DROPDATABASE) || hiveOpType.equals(HiveOperationType.DROPTABLE)))  {
+			if (CollectionUtils.isEmpty(inputHObjs) && CollectionUtils.isEmpty(outputHObjs) && !IsCommandInExceptionList(hiveOpType)) {
+				if (hiveOpType.equals(HiveOperationType.DROPDATABASE) || hiveOpType.equals(HiveOperationType.DROPTABLE)) {
 					//Handle Drop If exists statements where both inputHObjs and outputHObjs will be empty and request has to created out of commandString.
 					RangerHiveAccessRequest request = buildRequestForDropIfExistsCommands(hiveOpType, user, groups, roles, hiveOpType.name(), context, sessionContext);
 					if (request != null) {
@@ -1005,6 +1005,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 				} else {
 					String commandString = context == null ? "" : context.getCommandString();
 					throw new HiveAccessControlException(String.format("Unable to authorize command: [%s] , HivePrivilegeObjects are not available to authorize this command!", commandString));
+				}
 			}
 
 			buildRequestContextWithAllAccessedResources(requests);