[ https://issues.apache.org/jira/browse/HIVE-27021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689832#comment-17689832 ]

Stamatis Zampetakis commented on HIVE-27021:
--------------------------------------------

It is already possible to achieve the "New flow" via configuration. Those interested in enforcing permissions before dropping the table can use [metastore pre-listeners|https://github.com/apache/hive/blob/29dc08172ba9ae3a3f51320f656994c20198c5f0/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HMSHandler.java#L360]. There are also already implemented handlers that perform checks based on the filesystem directory permissions.

I see the following disadvantages for adding a new check:
* It will have an impact on performance since it will add extra FS operations;
* It will be a breaking change since it will lead to behavior change for the mentioned methods;
* It will not be overridable, meaning that if some users do not want the operation to fail they will have no control over it;

The negatives outweigh the positives especially since it is possible to achieve the same effect via configuration.

> Drop table should not be success on purge enabled tables if underlying HDFS
> data delete fails
> ---------------------------------------------------------------------------------------------
>
>                 Key: HIVE-27021
>                 URL: https://issues.apache.org/jira/browse/HIVE-27021
>             Project: Hive
>          Issue Type: Bug
>            Reporter: iBenny
>            Priority: Minor
>              Labels: backward-incompatible
>
> User A has drop privs for a table, but does not have delete privs on table
> HDFS path & table purge is enabled. When User A fires drop table command, HMS
> metadata is removed but HDFS files are left as-is & drop is reported
> successful leaving stale files.
> For example, the drop table query is completed successfully.
> {code:java}
> 0: jdbc:hive2://> drop table testtb_ex1
> INFO : Semantic Analysis Completed (retrial = false)
> INFO : Created Hive schema: Schema(fieldSchemas:null, properties:null)
> INFO : Completed compiling
> command(queryId=hive_20221213121153_67cc8de3-9bd1-47c5-b2ec-13f6a0cd5125);
> Time taken: 0.032 seconds
> INFO : Executing
> command(queryId=hive_20221213121153_67cc8de3-9bd1-47c5-b2ec-13f6a0cd5125):
> drop table testtb_ex1
> INFO : Starting task [Stage-0:DDL] in serial mode
> INFO : Completed executing
> command(queryId=hive_20221213121153_67cc8de3-9bd1-47c5-b2ec-13f6a0cd5125);
> Time taken: 0.413 seconds
> INFO : OK
> No rows affected (0.516 seconds) {code}
> However, the table HDFS data deletion fails
> {code:java}
> 2022-12-13 12:11:53,700 ERROR
> org.apache.hadoop.hive.metastore.utils.MetaStoreUtils: [pool-6-thread-73]:
> Got exception: org.apache.hadoop.security.AccessControlException Permission
> denied by sticky bit: user
> =oozie,
> path="/warehouse/tablespace/external/hive/testtb_ex1":hive:hive:drwxr-xr-x,
> parent="/warehouse/tablespace/external/hive":hive:hive:drwxrwxrwt{code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
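
The denial in the quoted log follows from the sticky-bit rule on the parent directory, which is the kind of filesystem condition a check made before the metadata is removed would have to evaluate. The Python model below is an added example, not Hive or HDFS code; it ignores ACLs and the superuser, and the names `Inode`, `parse_denial` and `can_delete` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed from the error quoted in the issue, with the wrapped lines rejoined.
SAMPLE_LOG = (
    'Permission denied by sticky bit: user =oozie, '
    'path="/warehouse/tablespace/external/hive/testtb_ex1":hive:hive:drwxr-xr-x, '
    'parent="/warehouse/tablespace/external/hive":hive:hive:drwxrwxrwt'
)

@dataclass
class Inode:
    owner: str
    group: str
    mode: str  # ls-style string such as "drwxrwxrwt"

    def allows(self, user, groups, bit):
        """Check 'r', 'w' or 'x' against the owner, group or other triad."""
        if user == self.owner:
            triad = self.mode[1:4]
        elif self.group in groups:
            triad = self.mode[4:7]
        else:
            triad = self.mode[7:10]
        ch = triad["rwx".index(bit)]
        return ch == bit or (bit == "x" and ch == "t")  # 't' = sticky + execute

def parse_denial(line):
    """Extract the user and the path/parent inodes from an AccessControlException line."""
    user = re.search(r"user\s*=\s*(\w+)", line).group(1)
    found = {k: Inode(o, g, m) for k, o, g, m in
             re.findall(r'(path|parent)="[^"]+":(\w+):(\w+):([\w-]{10})', line)}
    return user, found["path"], found["parent"]

def can_delete(user, groups, target, parent):
    """Return (allowed, reason) for removing `target` from `parent` (simplified model)."""
    if not (parent.allows(user, groups, "w") and parent.allows(user, groups, "x")):
        return False, "no write/execute on parent"
    if parent.mode[9] in "tT" and user not in (target.owner, parent.owner):
        return False, "sticky bit"  # only the owner of the entry or of the parent may remove it
    if target.mode[0] == "d" and not all(target.allows(user, groups, b) for b in "rwx"):
        return False, "no rwx on directory contents"
    return True, "ok"
```
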