[jira] [Work logged] (HIVE-25174) HiveMetastoreAuthorizer didn't check URI permission for AlterTableEvent

Sat, 20 Nov 2021 16:13:07 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-25174?focusedWorklogId=684283&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-684283
 ]

ASF GitHub Bot logged work on HIVE-25174:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 21/Nov/21 00:12
            Start Date: 21/Nov/21 00:12
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on pull request #2327:
URL: https://github.com/apache/hive/pull/2327#issuecomment-974730567


   This pull request has been automatically marked as stale because it has not 
had recent activity. It will be closed if no further activity occurs.
   Feel free to reach out on the d...@hive.apache.org list if the patch is in 
need of reviews.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 684283)
    Time Spent: 50m  (was: 40m)

> HiveMetastoreAuthorizer didn't check URI permission for AlterTableEvent
> -----------------------------------------------------------------------
>
>                 Key: HIVE-25174
>                 URL: https://issues.apache.org/jira/browse/HIVE-25174
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Janus Chow
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> When Using Ranger on Hive MetaStore, we met an issue that users without 
> permission to table's HDFS path succeeded in running "msck repair table 
> TABLENAME".
> This command is not authorized when we use `StorageBasedAuthorizer`, after 
> checking the code, we found `StorageBasedAuthorizer` would check the 
> permission of table's HDFS path, while `HiveMetastoreAuthorizer` used by 
> Ranger won't when dealing with the event of `AlterTableEvent`.
> This ticket is to add the URI permission check on AlterTableEvent for 
> `HiveMetastoreAuthorizer`.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to