[
https://issues.apache.org/jira/browse/HIVE-7943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120440#comment-14120440
]
Thejas M Nair commented on HIVE-7943:
-------------------------------------
The description of the configuration also mentions the purpose - "the
privileges automatically granted to the owner whenever a table gets created."
This is also the case with use grants configuration.
The purpose hasn't been changed intentionally.
The reason for separating user grants and owner grants was so that the owner
user is set correctly, when the owner is changed within a session (for ease of
testing).
> hive.security.authorization.createtable.owner.grants is ineffective with
> Default Authorization
> ----------------------------------------------------------------------------------------------
>
> Key: HIVE-7943
> URL: https://issues.apache.org/jira/browse/HIVE-7943
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 0.13.1
> Reporter: Ashu Pachauri
> Attachments: HIVE-7943.1.patch
>
>
> HIVE-6250 separates owner privileges from user privileges. However, Default
> Authorization does not adapt to the change and table owners do not inherit
> permissions from the config.
> Steps to Reproduce:
> set hive.security.authorization.enabled=true;
> set hive.security.authorization.createtable.owner.grants=ALL;
> create table temp_table(id int, value string);
> drop table temp_table;
> Above set of operations throw the following error:
>
> Authorization failed:No privilege 'Drop' found for outputs {
> database:default, table:temp_table}. Use SHOW GRANT to get more details.
> 14/09/02 17:49:38 ERROR ql.Driver: Authorization failed:No privilege 'Drop'
> found for outputs { database:default, table:temp_table}. Use SHOW GRANT to
> get more details.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
