[
https://issues.apache.org/jira/browse/HIVE-20818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16686492#comment-16686492
]
Hive QA commented on HIVE-20818:
--------------------------------
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12948111/HIVE-20818.4.patch
{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 4 failed/errored test(s), 15541 tests
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[masking_12] (batchId=1)
org.apache.hadoop.hive.cli.TestMiniLlapLocalCliDriver.testCliDriver[explainuser_1]
(batchId=167)
org.apache.hadoop.hive.cli.TestMiniSparkOnYarnCliDriver.testCliDriver[spark_explainuser_1]
(batchId=190)
org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver[subquery_views]
(batchId=116)
{noformat}
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14925/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14925/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14925/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 4 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12948111 - PreCommit-HIVE-Build
> Views created with a WHERE subquery will regard views referenced in the
> subquery as direct input
> ------------------------------------------------------------------------------------------------
>
> Key: HIVE-20818
> URL: https://issues.apache.org/jira/browse/HIVE-20818
> Project: Hive
> Issue Type: Bug
> Reporter: Karen Coppage
> Assignee: Karen Coppage
> Priority: Major
> Attachments: HIVE-20818.2.patch, HIVE-20818.3.patch,
> HIVE-20818.4.patch, HIVE-20818.patch
>
>
> If Hive is configured with an authorization hook like Sentry, and a view is
> created with a WHERE clause referencing a different view' user has no access
> to, user cannot access the view as view' is considered direct input.
> For example:
> {code:java}
> create database db1;
> create database db2;
> create database db3;
>
> create table db1.table1 (cola string, colb string, colc string);
> insert into db1.table1 values ('a','b','c');
> insert into db1.table1 values ('x','y','z');
> CREATE VIEW db2.view1 AS SELECT cola, colb, colc FROM db1.table1 WHERE
> cola="x";
> CREATE VIEW db2.view2 AS SELECT table1.cola, table1.colb, table1.colc FROM
> db1.table1 WHERE table1.cola NOT IN (SELECT view1.cola FROM db2.view1);
> create view db3.view3 as select * from db2.view2
> {code}
> If test_user has read permission for only db3 (but not db1 or db2), their
> query
> {code:java}
> select * from db3.view3;{code}
> will fail with :
> {code:java}
> Error while compiling statement: FAILED: SemanticException No valid
> privileges User test_user does not have privileges for QUERY The required
> privileges: Server=server1->Db=db2->Table=view1->action=select; {code}
> WHERE IN and WHERE EXISTS cause the same issue.
> Cascading views created with no WHERE clauses (i.e. with simple SELECTs and
> FROM clauses) work fine.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
