Naveen Gangam created HIVE-18829: ------------------------------------ Summary: Inputs/Outputs are not propagated to SA hooks for explain commands. Key: HIVE-18829 URL: https://issues.apache.org/jira/browse/HIVE-18829 Project: Hive Issue Type: Bug Components: HiveServer2 Affects Versions: 2.1.1 Reporter: Naveen Gangam Assignee: Naveen Gangam
With Sentry enabled, commands like {{explain drop table foo}} fail with {code:java} explain drop table foo; Error: Error while compiling statement: FAILED: SemanticException No valid privileges Required privilege( Table) not available in input privileges The required privileges: (state=42000,code=40000) {code} Sentry fails to authorize because the ExplainSemanticAnalyzer uses an instance of DDLSemanticAnalyzer to analyze the explain query. {code} BaseSemanticAnalyzer sem = SemanticAnalyzerFactory.get(conf, input); sem.analyze(input, ctx); sem.validate() {code} The inputs/outputs entities for this query are set in the above code. However, these are never set on the instance of ExplainSemanticAnalyzer itself and thus is not propagated into the HookContext in the calling Driver code. {code} sem.analyze(tree, ctx); --> this results in calling the above code that uses DDLSA hookCtx.update(sem); --> sem is an instance of ExplainSemanticAnalyzer, this code attempts to update the HookContext with the input/output info from ESA which is never set. {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)