You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2021/09/25 17:24:17 UTC
[ranger] branch master updated: RANGER-3445:Fix regression in
HiveAuthorizer in handling Handle authorization of Hive Drop database /
table if exists
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 5877f32 RANGER-3445:Fix regression in HiveAuthorizer in handling Handle authorization of Hive Drop database / table if exists
5877f32 is described below
commit 5877f3281ffafc6a32036907ef01db4add7d762d
Author: Ramesh Mani <rm...@cloudera.com>
AuthorDate: Fri Sep 24 23:06:05 2021 -0700
RANGER-3445:Fix regression in HiveAuthorizer in handling Handle authorization of Hive Drop database / table if exists
Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
.../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 42837cd..2ae9379 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -995,8 +995,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
}
- if (CollectionUtils.isEmpty(inputHObjs) && CollectionUtils.isEmpty(outputHObjs) && !IsCommandInExceptionList(hiveOpType)
- && (hiveOpType.equals(HiveOperationType.DROPDATABASE) || hiveOpType.equals(HiveOperationType.DROPTABLE))) {
+ if (CollectionUtils.isEmpty(inputHObjs) && CollectionUtils.isEmpty(outputHObjs) && !IsCommandInExceptionList(hiveOpType)) {
+ if (hiveOpType.equals(HiveOperationType.DROPDATABASE) || hiveOpType.equals(HiveOperationType.DROPTABLE)) {
//Handle Drop If exists statements where both inputHObjs and outputHObjs will be empty and request has to created out of commandString.
RangerHiveAccessRequest request = buildRequestForDropIfExistsCommands(hiveOpType, user, groups, roles, hiveOpType.name(), context, sessionContext);
if (request != null) {
@@ -1005,6 +1005,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
} else {
String commandString = context == null ? "" : context.getCommandString();
throw new HiveAccessControlException(String.format("Unable to authorize command: [%s] , HivePrivilegeObjects are not available to authorize this command!", commandString));
+ }
}
buildRequestContextWithAllAccessedResources(requests);