Naveen Gangam created HIVE-18829:
------------------------------------

             Summary: Inputs/Outputs are not propagated to SA hooks for explain commands.
                 Key: HIVE-18829
                 URL: https://issues.apache.org/jira/browse/HIVE-18829
             Project: Hive
          Issue Type: Bug
          Components: HiveServer2
    Affects Versions: 2.1.1
            Reporter: Naveen Gangam
            Assignee: Naveen Gangam


With Sentry enabled, commands like {{explain drop table foo}} fail with
{code:java}
explain drop table foo;
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
 Required privilege( Table) not available in input privileges
 The required privileges: (state=42000,code=40000)
{code}

Sentry fails to authorize because the ExplainSemanticAnalyzer uses an instance 
of DDLSemanticAnalyzer to analyze the explain query.
{code}
BaseSemanticAnalyzer sem = SemanticAnalyzerFactory.get(conf, input);
sem.analyze(input, ctx);
sem.validate();
{code}

The input/output entities for this query are set in the above code. However, 
these are never set on the instance of ExplainSemanticAnalyzer itself and thus 
are not propagated into the HookContext in the calling Driver code.
{code}
// This results in calling the above code, which uses DDLSA.
sem.analyze(tree, ctx);
// sem is an instance of ExplainSemanticAnalyzer; this code attempts to update
// the HookContext with the input/output info from ESA, which is never set.
hookCtx.update(sem);
{code}
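
The delegation gap described above, as an added example that is not Hive's code and not part of the original report. All class names are simplified stand-ins, and the propagation step is an assumed remedy, not the project's actual patch.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the flow in the report; these classes are stand-ins,
// not Hive's real ones.
public class ExplainHookDemo {
    static class Analyzer {
        protected Set<String> inputs = new HashSet<>();
        protected Set<String> outputs = new HashSet<>();
        void analyze(String query) {}
        Set<String> getInputs() { return inputs; }
        Set<String> getOutputs() { return outputs; }
    }

    // Stand-in for DDLSemanticAnalyzer: records the table a DROP touches.
    static class DdlAnalyzer extends Analyzer {
        @Override void analyze(String query) {
            String table = query.substring(query.lastIndexOf(' ') + 1);
            inputs.add(table);
            outputs.add(table);
        }
    }

    // Stand-in for ExplainSemanticAnalyzer: delegates to an inner analyzer.
    static class ExplainAnalyzer extends Analyzer {
        private final boolean propagate;
        ExplainAnalyzer(boolean propagate) { this.propagate = propagate; }
        @Override void analyze(String query) {
            Analyzer sem = new DdlAnalyzer();
            sem.analyze(query.substring("explain ".length()));
            if (propagate) { // assumed remedy: copy the delegate's entities
                inputs.addAll(sem.getInputs());
                outputs.addAll(sem.getOutputs());
            }
        }
    }

    // Stand-in for an authorization hook that needs the table entity to decide.
    static boolean hookSeesTable(Analyzer sem, String table) {
        return sem.getInputs().contains(table) && sem.getOutputs().contains(table);
    }

    public static void main(String[] args) {
        for (boolean propagate : new boolean[] {false, true}) {
            Analyzer sem = new ExplainAnalyzer(propagate);
            sem.analyze("explain drop table foo"); // constructed sample query
            System.out.println("propagate=" + propagate
                + " hookSeesTable=" + hookSeesTable(sem, "foo"));
        }
    }
}
```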



