[ https://issues.apache.org/jira/browse/TRAFODION-2409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gao, Rui-Xian updated TRAFODION-2409:
-------------------------------------
    Comment: was deleted

(was: Another issue is, any user can do update statistics for a hive table --
1. create table in hive : create external table ext_t1(a int);
2. logon trafci with user1, select from hive.hive.ext_t1 will get internal error as described above, but the user can do 'update statistics' for the hive table.

connect user1/******;
SQL>update statistics for table hive.qa_db_1.traf_ext_t1 on every column;
--- SQL operation complete.

Expected result is ERROR[4481], the user cannot do 'update statistics' since he/she doesn't have select privileges on the table.)

> support privilege control(column privileges) for hive tables
> ------------------------------------------------------------
>
>                 Key: TRAFODION-2409
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2409
>             Project: Apache Trafodion
>          Issue Type: Improvement
>          Components: sql-security
>            Reporter: Gao, Rui-Xian
>            Assignee: Roberta Marton
>
> We need to support column privileges for hive tables.
> 1. Currently, we have a problem accessing hive native tables with users that are not trafodion --
>     1). create table from hive
>     2). connect with user1, select from hive table will get internal error
> SQL>select * from hive.hive.mytest;
> *** ERROR[1001] An internal error occurred in module ../sqlcomp/PrivMgrPrivileges.cpp on line 4149. DETAILS(objectUID is 0 for get privileges command). [2016-12-20 12:31:55]
> *** ERROR[1034] Unable to obtain privileges [2016-12-20 12:31:55]
> 2. After creating an external table for a hive table, we can grant/revoke on hive tables, but don't support column privileges; a user will have privilege on all columns though only granted privileges on one column.
>     1). create table from hive
>     2). do 'update statistics' for hive table from trafodion
>     3). grant column privilege on the hive table to a user
>     4). the user still has privileges on all columns
> User trafodion --
> **********************************************************************************************
> >>grant select(a) on hive.hive.inttab1 to qauser1;
> --- SQL operation complete.
> User qauser1 --
> **********************************************************************************************
> SQL>select * from hive.hive.inttab1; // qauser1 should not have select privilege on column b
> --- 0 row(s) selected.
> SQL>insert into hive.hive.inttab1 values(1,1);
> *** ERROR[4481] The user does not have INSERT privilege on table or view HIVE.HIVE.INTTAB1. [2016-12-20 15:12:40]
> User trafodion --
> **********************************************************************************************
> >>grant insert(a) on hive.hive.inttab1 to qauser1;
> --- SQL operation complete.
> User qauser1 --
> **********************************************************************************************
> SQL>insert into hive.hive.inttab1 values(2,2); // qauser1 only has privilege to insert data into column a, but can insert data into all columns.
> --- 1 row(s) inserted.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)