Github user jinfengni commented on a diff in the pull request:

    https://github.com/apache/drill/pull/461#discussion_r59090757
  
    --- Diff: contrib/storage-hive/core/src/main/java/org/apache/drill/exec/store/hive/schema/HiveDatabaseSchema.java ---
    @@ -72,4 +80,76 @@ public String getTypeName() {
         return HiveStoragePluginConfig.NAME;
       }
     
    +  @Override
    +  public List<Pair<String, ? extends Table>> getTablesByNames(final 
List<String> tableNames) {
    +    final String schemaName = getName();
    +    final List<Pair<String, ? extends Table>> tableNameToTable = 
Lists.newArrayList();
    +    List<org.apache.hadoop.hive.metastore.api.Table> tables;
    +    // Retries once if the first call to fetch the metadata fails
    +    synchronized(mClient) {
    +      final List<String> tableNamesWithAuth = Lists.newArrayList();
    +      for(String tableName : tableNames) {
    +        try {
    +          if(mClient.tableExists(schemaName, tableName)) {
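
Review bot: The list filled in this loop is named `tableNamesWithAuth`, but the only condition visible here is `mClient.tableExists(schemaName, tableName)`, which is an existence check. Please add a comment stating whether that call is expected to reflect the caller's permissions under each authorization mode, because that decides which table names a listing reveals to a user without read access. Two smaller points: the loop makes one client call per entry of `tableNames` while holding the `synchronized(mClient)` lock, so a long name list keeps other users of the client waiting for the whole loop; and the comment "Retries once if the first call to fetch the metadata fails" sits above the lock rather than next to a retry, so it would read better moved to the statement it describes.
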
    --- End diff --
    
    According to [1], under "Sql standard based authorization", Drill will return all the tables, even if the user does not have read access. That's the behavior before Sean's change to use bulk loading of getTableObjectsByNames(). However, under "Storage based authorization", the current expected behavior is to only list the tables that the user has access to [2].
    
    @vkorukanti, does this current behavior make sense? Why would Drill show different behavior under these two models?
    
    Essentially, it looks to me that the bulk loading will make Drill show the same behavior under both "Sql standard based authorization" and "storage based authorization". That is, "show tables" will list all the tables, whether a user has access or not. But when a user queries a table he does not have read access to, then an error will be raised.
    
    [1] https://github.com/apache/drill/blob/master/contrib/storage-hive/core/src/test/java/org/apache/drill/exec/impersonation/hive/TestSqlStdBasedAuthorization.java#L153
    
    [2] https://github.com/apache/drill/blob/master/contrib/storage-hive/core/src/test/java/org/apache/drill/exec/impersonation/hive/TestStorageBasedHiveAuthorization.java#L244-L247

