[
https://issues.apache.org/jira/browse/HIVE-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061343#comment-15061343
]
Dapeng Sun commented on HIVE-11179:
-----------------------------------
Thank [~thejas] for your follow up. I will also think about how to minimize the
api change.
> HIVE should allow custom converting from HivePrivilegeObjectDesc to
> privilegeObject for different authorizers
> -------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-11179
> URL: https://issues.apache.org/jira/browse/HIVE-11179
> Project: Hive
> Issue Type: Improvement
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Labels: Authorization
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-11179.001.patch, HIVE-11179.001.patch
>
>
> HIVE should allow custom converting from HivePrivilegeObjectDesc to
> privilegeObject for different authorizers:
> There is a case in Apache Sentry: Sentry support uri and server level
> privilege, but in hive side, it uses
> {{AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc)}} to do the
> converting, and the code in {{getHivePrivilegeObject()}} only handle the
> scenes for table and database
> {noformat}
> privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW :
> HivePrivilegeObjectType.DATABASE;
> {noformat}
> A solution is move this method to {{HiveAuthorizer}}, so that a custom
> Authorizer could enhance it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
