[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17745509#comment-17745509 ]
Riju Trivedi commented on HIVE-27195: ------------------------------------- Thank you [~zabetak] for reviewing and consolidating test scenarios. I have updated the test results to the [sheet|https://docs.google.com/spreadsheets/d/1CJ1U0LOCpK7TfxY5RSSM4Wmbmt7GiKt5VQrWt1x2tfs/edit?pli=1#gid=0] and uploaded tests to the PR. > Add database authorization for drop table command > ------------------------------------------------- > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug > Reporter: Riju Trivedi > Assignee: Riju Trivedi > Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This would also prevent DROP TABLE IF EXISTS command failure for temporary or > non-existing tables with `RangerHiveAuthorizer`. In case of > temporary/non-existing table, empty input and output HivePrivilege Objects > are sent to Ranger authorizer and after > https://issues.apache.org/jira/browse/RANGER-3407 authorization request is > built from command in case of empty objects. Hence, the drop table if Exists > command fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=40000) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)