rtrivedi12 commented on code in PR #5689:
URL: https://github.com/apache/hive/pull/5689#discussion_r2162582482
##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -82,8 +100,19 @@ private List<HivePrivilegeObject> getOutputHObjs() {
ret.add(getHivePrivilegeObject(database));
ret.add(getHivePrivilegeObject(table));
- if (StringUtils.isNotEmpty(uri) &&
!TableType.EXTERNAL_TABLE.toString().equalsIgnoreCase(table.getTableType())) {
- ret.add(new HivePrivilegeObject(HivePrivilegeObjectType.DFS_URI, null,
uri));
+ if (StringUtils.isNotEmpty(uri)) {
+ String expectedTablePath = null;
+ try {
+ expectedTablePath =
preEventContext.getHandler().getWh().getDefaultTablePath(database,
table).toString();
+ } catch (MetaException e) {
+ LOG.warn("Got exception fetching Default location for dbName: {}
tableName: {} ", database.getName(),
+ table.getTableName(), e);
+ }
+
+ // Skip DFS_URI for external tables and if managed table location is
under default db path
+ if (!MetaStoreUtils.isExternalTable(table) && this.needDFSUriAuth(uri,
expectedTablePath)) {
+ ret.add(new HivePrivilegeObject(HivePrivilegeObjectType.DFS_URI, null,
uri));
+ }
Review Comment:
Do you mean we should always send DFS_URI for authorization for output
objects ? In that case, CREATE TABLE for managed table will still need DFS_URI
policy for write access even when location is not specified.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org
