[
https://issues.apache.org/jira/browse/HIVE-7943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120306#comment-14120306
]
Thejas M Nair commented on HIVE-7943:
-------------------------------------
This patch does not add the owner grants into table metadata. That is the
purpose of this configuration flag. Instead it is adding the privileges at
runtime during the checks.
Looking at the current code again, I don't see a bug there wrt to the
privileges getting set at table creation. I wonder if the problem is that "ALL"
privileges are not getting correctly interpreted as including the the Drop
privilege.
In the example that you have in description. Can you paste the output of 'show
grant on table temp_table' ?
> hive.security.authorization.createtable.owner.grants is ineffective with
> Default Authorization
> ----------------------------------------------------------------------------------------------
>
> Key: HIVE-7943
> URL: https://issues.apache.org/jira/browse/HIVE-7943
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 0.13.1
> Reporter: Ashu Pachauri
> Attachments: HIVE-7943.1.patch
>
>
> HIVE-6250 separates owner privileges from user privileges. However, Default
> Authorization does not adapt to the change and table owners do not inherit
> permissions from the config.
> Steps to Reproduce:
> set hive.security.authorization.enabled=true;
> set hive.security.authorization.createtable.owner.grants=ALL;
> create table temp_table(id int, value string);
> drop table temp_table;
> Above set of operations throw the following error:
>
> Authorization failed:No privilege 'Drop' found for outputs {
> database:default, table:temp_table}. Use SHOW GRANT to get more details.
> 14/09/02 17:49:38 ERROR ql.Driver: Authorization failed:No privilege 'Drop'
> found for outputs { database:default, table:temp_table}. Use SHOW GRANT to
> get more details.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
