[ https://issues.apache.org/jira/browse/HIVE-2818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13900018#comment-13900018 ]
Navis commented on HIVE-2818:
-----------------------------

Some operations induce other operations. For example, the import operation creates a table if the table does not exist. In this case, we cannot authorize the induced operation (create table: CREATE for DATABASE) with the original operation (import: ALTER_METADATA and ALTER_DATA for TABLE). It's once checked in Driver (if operation == IMPORT then iterate tasks.. find CREATE.. authorize for that, etc.). But I thought this is far easier than that.

Intended to add the review board link when the test passed. Considering it's rebased from a totally different version, which is based on hive-0.11+200patches, you might understand my reluctance.

> Create table should check privilege of target database, not default database
> ----------------------------------------------------------------------------
>
> Key: HIVE-2818
> URL: https://issues.apache.org/jira/browse/HIVE-2818
> Project: Hive
> Issue Type: Bug
> Components: Authorization, Security
> Affects Versions: 0.7.1
> Reporter: Benyi Wang
> Assignee: Navis
> Attachments: HIVE-2818.1.patch.txt, HIVE-2818.2.patch.txt, HIVE-2818.3.patch.txt, HIVE-2818.4.patch.txt, HIVE-2818.5.patch.txt, HIVE-2818.6.patch.txt
>
>
> Hive seems to check the current database to determine the privilege of a statement when you use a fully qualified name like 'database.table'
>
> {code}
> hive> set hive.security.authorization.enabled=true;
> hive> create database test_db;
> hive> grant all on database test_db to user test_user;
> hive> revoke all on database default from test_user;
> hive> use default;
> hive> create table test_db.new_table (id int);
> Authorization failed:No privilege 'Create' found for outputs { database:default}. Use show grant to get more details.
> hive> use test_db;
> hive> create table test_db.new_table (id int);
> {code}
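
The check discussed in this thread, as an added example that is not part of the original message and is not Hive code: a simplified Python model of resolving which database a `create table` (or the create induced by an import) must be authorized against. The grant store, function names and privilege tuples are assumptions made for illustration.

```python
# Simplified model of the check discussed in HIVE-2818; not Hive code.
# The grant store, function names and privilege tuples are constructed.

# (user, object kind, object name) -> privileges, mirroring the reported session:
# all on test_db granted, everything on default revoked.
GRANTS = {("test_user", "DATABASE", "test_db"): {"CREATE"}}

def split_table_name(name, current_db):
    """Return (database, table); an unqualified name uses the session database."""
    db, sep, table = name.partition(".")
    return (db, table) if sep else (current_db, name)

def allowed(user, required):
    """True only if every (kind, object, privilege) requirement is granted."""
    return all(priv in GRANTS.get((user, kind, obj), set())
               for kind, obj, priv in required)

def create_privs_reported(table_name, current_db):
    # Reported behaviour: the output is the session database, even for 'db.table'.
    return [("DATABASE", current_db, "CREATE")]

def create_privs_expected(table_name, current_db):
    # Expected behaviour: the output is the database the table is created in.
    target_db, _ = split_table_name(table_name, current_db)
    return [("DATABASE", target_db, "CREATE")]

def import_privs(table_name, current_db, existing_tables):
    """Requirements for import, including the create-table it induces.

    Assumption of this model: an existing table needs the import privileges on
    the table; a missing one needs CREATE on the target database instead.
    """
    db, table = split_table_name(table_name, current_db)
    if (db, table) in existing_tables:
        full = f"{db}.{table}"
        return [("TABLE", full, "ALTER_METADATA"), ("TABLE", full, "ALTER_DATA")]
    return create_privs_expected(table_name, current_db)

if __name__ == "__main__":
    for current_db in ("default", "test_db"):
        for rule in (create_privs_reported, create_privs_expected):
            need = rule("test_db.new_table", current_db)
            print(current_db, rule.__name__, need, allowed("test_user", need))
```

With the reported rule the decision changes with `use default` versus `use test_db`; with the expected rule it depends only on the database named in the statement.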