[
https://issues.apache.org/jira/browse/HIVE-25214?focusedWorklogId=621198&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-621198
]
ASF GitHub Bot logged work on HIVE-25214:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Jul/21 22:34
Start Date: 09/Jul/21 22:34
Worklog Time Spent: 10m
Work Description: dantongdong commented on a change in pull request #2384:
URL: https://github.com/apache/hive/pull/2384#discussion_r667240750
##########
File path: standalone-metastore/metastore-server/src/main/resources/package.jdo
##########
@@ -1655,6 +1655,49 @@
</value>
</field>
</class>
+ <class name="MDCPrivilege" table="DC_PRIVS" identity-type="datastore"
detachable="true">
+ <index name="DCPrivilegeIndex" unique="true">
+ <column name="AUTHORIZER"/>
+ <column name="DC_NAME"/>
+ <column name="PRINCIPAL_NAME"/>
+ <column name="PRINCIPAL_TYPE"/>
+ <column name="DC_PRIV"/>
+ <column name="GRANTOR"/>
+ <column name="GRANTOR_TYPE"/>
+ </index>
+
+ <datastore-identity>
+ <column name="DC_GRANT_ID"/>
+ </datastore-identity>
+
+ <field name="principalName">
+ <column name="PRINCIPAL_NAME" length="128" jdbc-type="VARCHAR"/>
+ </field>
+ <field name="principalType">
+ <column name="PRINCIPAL_TYPE" length="128" jdbc-type="VARCHAR"/>
+ </field>
+ <field name="dataConnector">
Review comment:
This is intended. MDCPrivilege has dataconnector as MDataConnector, but
dataconnector itself is actually stored as String in backend Table (because it
cannot store dataconnector type).
The reason why MDCPrivilege can retrieve dataconnector as MDataConnector
even though it is stored as String in backendTable is that DC_NAME here
actually serving as a Foreign Key referencing NAME in DATACONNECTORS table(as
specified in schema when init).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 621198)
Time Spent: 50m (was: 40m)
> Add hive authorization support for Data connectors.
> ---------------------------------------------------
>
> Key: HIVE-25214
> URL: https://issues.apache.org/jira/browse/HIVE-25214
> Project: Hive
> Issue Type: Sub-task
> Reporter: Naveen Gangam
> Assignee: Dantong Dong
> Priority: Major
> Labels: pull-request-available
> Time Spent: 50m
> Remaining Estimate: 0h
>
> We need to add authorization support for data connectors in hive. The default
> behavior should be
> 1) Connectors can be create/dropped by users in admin role.
> 2) Connectors have READ and WRITE permissions.
> * READ permissions are required to fetch a connector object or fetch all
> connector names. So to create a REMOTE database using a connector, users will
> need READ permission on the connector. DDL queries like "show connectors" and
> "describe <connector>" will check for read access on the connector as well.
> * WRITE permissions are required to alter/drop a connector. DDL queries
> like "alter connector" and "drop connector" will need WRITE access on the
> connector.
> Adding this support, Ranger can integrate with this.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
