[jira] [Updated] (HIVE-18778) Needs to capture input/output entities in explain

Wed, 28 Feb 2018 15:58:41 -0800 

     [ 
https://issues.apache.org/jira/browse/HIVE-18778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Naveen Gangam updated HIVE-18778:
---------------------------------
    Description: 


With Sentry enabled, commands like explain drop table foo fail with {{explain 
drop table foo;}}
{code}
Error: Error while compiling statement: FAILED: SemanticException No valid 
privileges
 Required privilege( Table) not available in input privileges
 The required privileges: (state=42000,code=40000)
{code}

Sentry fails to authorize because the ExplainSemanticAnalyzer uses an instance 
of DDLSemanticAnalyzer to analyze the explain query.
{code}
BaseSemanticAnalyzer sem = SemanticAnalyzerFactory.get(conf, input);
sem.analyze(input, ctx);
sem.validate()
{code}

The inputs/outputs entities for this query are set in the above code. However, 
these are never set on the instance of ExplainSemanticAnalyzer itself and thus 
is not propagated into the HookContext in the calling Driver code.
{code}
sem.analyze(tree, ctx); --> this results in calling the above code that uses 
DDLSA
hookCtx.update(sem); --> sem is an instance of ExplainSemanticAnalyzer, this 
code attempts to update the HookContext with the input/output info from ESA 
which is never set.
{code}


> Needs to capture input/output entities in explain
> -------------------------------------------------
>
>                 Key: HIVE-18778
>                 URL: https://issues.apache.org/jira/browse/HIVE-18778
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Daniel Dai
>            Assignee: Daniel Dai
>            Priority: Major
>         Attachments: HIVE-18778.1.patch, HIVE-18778.2.patch
>
>
> With Sentry enabled, commands like explain drop table foo fail with {{explain 
> drop table foo;}}
> {code}
> Error: Error while compiling statement: FAILED: SemanticException No valid 
> privileges
>  Required privilege( Table) not available in input privileges
>  The required privileges: (state=42000,code=40000)
> {code}
> Sentry fails to authorize because the ExplainSemanticAnalyzer uses an 
> instance of DDLSemanticAnalyzer to analyze the explain query.
> {code}
> BaseSemanticAnalyzer sem = SemanticAnalyzerFactory.get(conf, input);
> sem.analyze(input, ctx);
> sem.validate()
> {code}
> The inputs/outputs entities for this query are set in the above code. 
> However, these are never set on the instance of ExplainSemanticAnalyzer 
> itself and thus is not propagated into the HookContext in the calling Driver 
> code.
> {code}
> sem.analyze(tree, ctx); --> this results in calling the above code that uses 
> DDLSA
> hookCtx.update(sem); --> sem is an instance of ExplainSemanticAnalyzer, this 
> code attempts to update the HookContext with the input/output info from ESA 
> which is never set.
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to