[hive] branch master updated: HIVE-25695: Making spark views authorization configurable on hive(Saihemanth via Naveen Gangam)

Tue, 16 Nov 2021 19:37:28 -0800 

This is an automated email from the ASF dual-hosted git repository.

ngangam pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new e61460b  HIVE-25695: Making spark views authorization configurable on 
hive(Saihemanth via Naveen Gangam)
e61460b is described below

commit e61460b36178de3d8f2ddb28ad3f03902a34c3a8
Author: saihemanth <saihema...@cloudera.com>
AuthorDate: Fri Nov 12 12:23:26 2021 -0800

    HIVE-25695: Making spark views authorization configurable on 
hive(Saihemanth via Naveen Gangam)
---
 common/src/java/org/apache/hadoop/hive/conf/HiveConf.java             | 3 +++
 .../hive/ql/security/authorization/command/CommandAuthorizerV2.java   | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 
b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 47fb831..ad60447 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3467,6 +3467,9 @@ public class HiveConf extends Configuration {
         "hive.test.authz.sstd.hs2.mode", false, "test hs2 mode from .q tests", 
true),
     HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false,
         "enable or disable the Hive client authorization"),
+    
HIVE_AUTHORIZATION_ENABLED_ON_SPARK_VIEWS("hive.security.authorization.enabled.on.spark.views",true,
+            "The configuration is gives the flexibility to admin to user 
whether to turn on/off the authorization model" +
+                    "introduced in HIVE-24026"),
     
HIVE_AUTHORIZATION_KERBEROS_USE_SHORTNAME("hive.security.authorization.kerberos.use.shortname",
 true,
         "use short name in Kerberos cluster"),
     HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager",
diff --git 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
index 5526ee5..c31f39c 100644
--- 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
+++ 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
@@ -24,6 +24,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.Map.Entry;
 
+import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.metastore.TableType;
 import org.apache.hadoop.hive.metastore.api.DataConnector;
 import org.apache.hadoop.hive.metastore.api.Database;
@@ -159,7 +160,8 @@ final class CommandAuthorizerV2 {
     }
     if(isView){
       Map<String, String> params = t.getParameters();
-      if (params != null && params.containsKey(authorizedKeyword)) {
+      if (HiveConf.getBoolVar(SessionState.get().getConf(), 
HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED_ON_SPARK_VIEWS)
+              && params != null && params.containsKey(authorizedKeyword)) {
         String authorizedValue = params.get(authorizedKeyword);
         if ("false".equalsIgnoreCase(authorizedValue)) {
           return true;

Reply via email to