Github user jinfengni commented on a diff in the pull request: https://github.com/apache/drill/pull/461#discussion_r59090757 --- Diff: contrib/storage-hive/core/src/main/java/org/apache/drill/exec/store/hive/schema/HiveDatabaseSchema.java --- @@ -72,4 +80,76 @@ public String getTypeName() { return HiveStoragePluginConfig.NAME; } + @Override + public List<Pair<String, ? extends Table>> getTablesByNames(final List<String> tableNames) { + final String schemaName = getName(); + final List<Pair<String, ? extends Table>> tableNameToTable = Lists.newArrayList(); + List<org.apache.hadoop.hive.metastore.api.Table> tables; + // Retries once if the first call to fetch the metadata fails + synchronized(mClient) { + final List<String> tableNamesWithAuth = Lists.newArrayList(); + for(String tableName : tableNames) { + try { + if(mClient.tableExists(schemaName, tableName)) { --- End diff -- According to [1], under "Sql standard based authorization", Drill will return all the tables, even if the user does not have read access. That's the behavior before Sean's change to use bulk loading of getTableObjectsByNames(). However, under "Storage based authorization", the current expected behavior is only list the tables that user has access [2]. @vkorukanti , does this current behavior make sense? Why would Drill show different behavior under these two models? Essentially, looks to me that the bulk loading will make Drill show same behavior under both "Sql standard based authorization", and "storage based authorization". That is, "show tables" will list all the tables, whether a user has access or not. But when a user query the table he does not have read access, then error will be raised. [1] https://github.com/apache/drill/blob/master/contrib/storage-hive/core/src/test/java/org/apache/drill/exec/impersonation/hive/TestSqlStdBasedAuthorization.java#L153 [2] https://github.com/apache/drill/blob/master/contrib/storage-hive/core/src/test/java/org/apache/drill/exec/impersonation/hive/TestStorageBasedHiveAuthorization.java#L244-L247
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---