[
https://issues.apache.org/jira/browse/HIVE-23607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17126047#comment-17126047
]
Naresh P R commented on HIVE-23607:
-----------------------------------
Incase on select on view, there will be 2 ReadEntity..
1 for view with noParent & isDirect is true, 2nd for underlying table with view
as parent & isDirect is false.
Same will be validated while preparing privObject
[https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java#L106-L109]
ie., Incase of view, underlying table/view privs need not to be verified. Only
parent view privs to be checked for user.
> Permission Issue: Create view on another view succeeds but alter view fails
> -----------------------------------------------------------------------------
>
> Key: HIVE-23607
> URL: https://issues.apache.org/jira/browse/HIVE-23607
> Project: Hive
> Issue Type: Bug
> Reporter: Naresh P R
> Assignee: Naresh P R
> Priority: Major
> Labels: pull-request-available
> Attachments: HIVE-23607.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> create table test_table (id int);
> create view test_view as select * from test_table;
>
> {code:java}
> -- user "abc" has read access on test_view
> -- Create view succeeds
> create view test_view_1 as select * from test_view;
> -- Alter view fails
> alter view test_view_1 as select * from test_view
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [abc] does not have [SELECT] privilege on
> [test/test_table] (state=42000,code=40000)
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
