[jira] [Updated] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-11175:
---
Status: Open (was: Patch Available)
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
>Priority: Major
> Attachments: HIVE-11175.1.patch
>
>
> {code:sql}create function xxx as 'xxx' using jar 'file://foo.jar' {code}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe resolved HIVE-11175.
Resolution: Won't Fix
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
>Priority: Major
> Attachments: HIVE-11175.1.patch
>
>
> {code:sql}create function xxx as 'xxx' using jar 'file://foo.jar' {code}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123181#comment-15123181
]
Olaf Flebbe commented on HIVE-11175:
Could someone please help me fixing the iTests ? I worked for several days on
it and it blew up on random other places. Other problem is that I desperatly
need a commandline not running for 20 or so minutes to get the output of the
test in order to check.
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Attachments: HIVE-11175.1.patch
>
>
> {code:sql}create function xxx as 'xxx' using jar 'file://foo.jar' {code}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-12417) Support for exclamation mark missing in regexp
[
https://issues.apache.org/jira/browse/HIVE-12417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15027413#comment-15027413
]
Olaf Flebbe commented on HIVE-12417:
I do not think, since the documentation in wiki was right and the
implementation wrong.
> Support for exclamation mark missing in regexp
> --
>
> Key: HIVE-12417
> URL: https://issues.apache.org/jira/browse/HIVE-12417
> Project: Hive
> Issue Type: Bug
>Affects Versions: 1.2.1
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-12417.1.patch, HIVE-12417.2.patch
>
>
> with HIVE-6013 gets support for regular expressions. However, die ! character
> is valid, too. It is needed for expressions like
> {code}
> set hive.support.quoted.identifiers = none;
> select `^(?!donotuseme).*$` from table;
> {code}
> which is the idiom to select all but column {{donotuseme}} .
> See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for
> a reference of supported chars in Java regexp.
> The patch simply fixes the lexer to support '!' as REGEX char. And does
> simply work.
> Please review.
> If you like to have an iTest for it, I beg you to help me. I tried several
> days on a different issue to figure out how it is supposed to work and failed
> miserably.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-12417) Support for exclamation mark missing in regexp
[
https://issues.apache.org/jira/browse/HIVE-12417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011395#comment-15011395
]
Olaf Flebbe commented on HIVE-12417:
The four failures seem not related. Seems to be related to an invalid hadoop
home directory, or do I miss something?
> Support for exclamation mark missing in regexp
> --
>
> Key: HIVE-12417
> URL: https://issues.apache.org/jira/browse/HIVE-12417
> Project: Hive
> Issue Type: Bug
>Affects Versions: 1.2.1
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Attachments: HIVE-12417.1.patch, HIVE-12417.2.patch
>
>
> with HIVE-6013 gets support for regular expressions. However, die ! character
> is valid, too. It is needed for expressions like
> {code}
> set hive.support.quoted.identifiers = none;
> select `^(?!donotuseme).*$` from table;
> {code}
> which is the idiom to select all but column {{donotuseme}} .
> See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for
> a reference of supported chars in Java regexp.
> The patch simply fixes the lexer to support '!' as REGEX char. And does
> simply work.
> Please review.
> If you like to have an iTest for it, I beg you to help me. I tried several
> days on a different issue to figure out how it is supposed to work and failed
> miserably.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-12417) Support for exclamation mark missing in regexp
[
https://issues.apache.org/jira/browse/HIVE-12417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-12417:
---
Attachment: HIVE-12417.2.patch
second try. Even less invasive.
Please review again.
> Support for exclamation mark missing in regexp
> --
>
> Key: HIVE-12417
> URL: https://issues.apache.org/jira/browse/HIVE-12417
> Project: Hive
> Issue Type: Bug
>Affects Versions: 1.2.1
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Attachments: HIVE-12417.1.patch, HIVE-12417.2.patch
>
>
> with HIVE-6013 gets support for regular expressions. However, die ! character
> is valid, too. It is needed for expressions like
> {code}
> set hive.support.quoted.identifiers = none;
> select `^(?!donotuseme).*$` from table;
> {code}
> which is the idiom to select all but column {{donotuseme}} .
> See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for
> a reference of supported chars in Java regexp.
> The patch simply fixes the lexer to support '!' as REGEX char. And does
> simply work.
> Please review.
> If you like to have an iTest for it, I beg you to help me. I tried several
> days on a different issue to figure out how it is supposed to work and failed
> miserably.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-12417) Support for exclamation mark missing in regexp
[
https://issues.apache.org/jira/browse/HIVE-12417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15008159#comment-15008159
]
Olaf Flebbe commented on HIVE-12417:
Oops, the negation operator is broken now, somehow. Canceling patch
> Support for exclamation mark missing in regexp
> --
>
> Key: HIVE-12417
> URL: https://issues.apache.org/jira/browse/HIVE-12417
> Project: Hive
> Issue Type: Bug
>Affects Versions: 1.2.1
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Attachments: HIVE-12417.1.patch
>
>
> with HIVE-6013 gets support for regular expressions. However, die ! character
> is valid, too. It is needed for expressions like
> {code}
> set hive.support.quoted.identifiers = none;
> select `^(?!donotuseme).*$` from table;
> {code}
> which is the idiom to select all but column {{donotuseme}} .
> See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for
> a reference of supported chars in Java regexp.
> The patch simply fixes the lexer to support '!' as REGEX char. And does
> simply work.
> Please review.
> If you like to have an iTest for it, I beg you to help me. I tried several
> days on a different issue to figure out how it is supposed to work and failed
> miserably.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-12417) Support for exclamation mark missing in regexp
[
https://issues.apache.org/jira/browse/HIVE-12417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-12417:
---
Attachment: HIVE-12417.1.patch
> Support for exclamation mark missing in regexp
> --
>
> Key: HIVE-12417
> URL: https://issues.apache.org/jira/browse/HIVE-12417
> Project: Hive
> Issue Type: Bug
>Affects Versions: 1.2.1
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Attachments: HIVE-12417.1.patch
>
>
> with HIVE-6013 gets support for regular expressions. However, die ! character
> is valid, too. It is needed for expressions like
> {code}
> set hive.support.quoted.identifiers = none;
> select '^(?!donotuseme).*$ from table;
> {code}
> which is the idiom to select all but column {{donotuseme}} .
> See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for
> a reference of supported chars in Java regexp.
> The patch simply fixes the lexer to support '!' as REGEX char. And does
> simply work.
> Please review.
> If you like to have an iTest for it, I beg you to help me. I tried several
> days on a different issue to figure out how it is supposed to work and failed
> miserably.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-12417) Support for exclamation mark missing in regexp
[
https://issues.apache.org/jira/browse/HIVE-12417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-12417:
---
Description:
with HIVE-6013 gets support for regular expressions. However, die ! character
is valid, too. It is needed for expressions like
{code}
set hive.support.quoted.identifiers = none;
select `^(?!donotuseme).*$` from table;
{code}
which is the idiom to select all but column {{donotuseme}} .
See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for a
reference of supported chars in Java regexp.
The patch simply fixes the lexer to support '!' as REGEX char. And does simply
work.
Please review.
If you like to have an iTest for it, I beg you to help me. I tried several days
on a different issue to figure out how it is supposed to work and failed
miserably.
was:
with HIVE-6013 gets support for regular expressions. However, die ! character
is valid, too. It is needed for expressions like
{code}
set hive.support.quoted.identifiers = none;
select '^(?!donotuseme).*$ from table;
{code}
which is the idiom to select all but column {{donotuseme}} .
See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for a
reference of supported chars in Java regexp.
The patch simply fixes the lexer to support '!' as REGEX char. And does simply
work.
Please review.
If you like to have an iTest for it, I beg you to help me. I tried several days
on a different issue to figure out how it is supposed to work and failed
miserably.
> Support for exclamation mark missing in regexp
> --
>
> Key: HIVE-12417
> URL: https://issues.apache.org/jira/browse/HIVE-12417
> Project: Hive
> Issue Type: Bug
>Affects Versions: 1.2.1
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Attachments: HIVE-12417.1.patch
>
>
> with HIVE-6013 gets support for regular expressions. However, die ! character
> is valid, too. It is needed for expressions like
> {code}
> set hive.support.quoted.identifiers = none;
> select `^(?!donotuseme).*$` from table;
> {code}
> which is the idiom to select all but column {{donotuseme}} .
> See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for
> a reference of supported chars in Java regexp.
> The patch simply fixes the lexer to support '!' as REGEX char. And does
> simply work.
> Please review.
> If you like to have an iTest for it, I beg you to help me. I tried several
> days on a different issue to figure out how it is supposed to work and failed
> miserably.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941219#comment-14941219
]
Olaf Flebbe commented on HIVE-11175:
{code}
!!{localmavencache}!!
{code}
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Fix For: 2.0.0
>
> Attachments: HIVE-11175.1.patch
>
>
> {code:sql}create function xxx as 'xxx' using jar 'file://foo.jar' {code}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941217#comment-14941217
]
Olaf Flebbe commented on HIVE-11175:
Oops, the path names are relative to my infrastructure ;-)
It seems to me that I would need to enhance
./beeline/src/java/org/apache/hive/beeline/util/QFileClient.java
and introduce a !!{localmavencache}!! replacement ?
Or am I missing something?
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Fix For: 2.0.0
>
> Attachments: HIVE-11175.1.patch
>
>
> {code:sql}create function xxx as 'xxx' using jar 'file://foo.jar' {code}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Assigned] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe reassigned HIVE-11175:
--
Assignee: Olaf Flebbe
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
>Assignee: Olaf Flebbe
> Fix For: 2.0.0
>
> Attachments: HIVE-11175.1.patch
>
>
> {code:sql}create function xxx as 'xxx' using jar 'file://foo.jar' {code}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14712556#comment-14712556
]
Olaf Flebbe commented on HIVE-11175:
Yes
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
> Fix For: 2.0.0
>
> Attachments: HIVE-11175.1.patch
>
>
> {{create function xxx as 'xxx' using jar 'file://foo.jar' }}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[
https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14638331#comment-14638331
]
Olaf Flebbe commented on HIVE-9941:
---
Just verified it happens on 1.2.0 too
> sql std authorization on partitioned table: truncate and insert
> ---
>
> Key: HIVE-9941
> URL: https://issues.apache.org/jira/browse/HIVE-9941
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.0.0, 1.2.0
>Reporter: Olaf Flebbe
>
> sql std authorization works as expected.
> However if a table is partitioned any user can truncate it
> User foo:
> {code}
> create table bla (a string) partitioned by (b string);
> #.. loading values ...
> {code}
> Admin:
> {code}
> 0: jdbc:hive2://localhost:1/default> set role admin;
> No rows affected (0,074 seconds)
> 0: jdbc:hive2://localhost:1/default> show grant on bla;
> +---+++-+-+-++---++--+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +---+++-+-+-++---++--+--+
> | default | bla|| | foo | USER
> | DELETE | true | 1426158997000 | foo |
> | default | bla|| | foo | USER
> | INSERT | true | 1426158997000 | foo |
> | default | bla|| | foo | USER
> | SELECT | true | 1426158997000 | foo |
> | default | bla|| | foo | USER
> | UPDATE | true | 1426158997000 | foo |
> +---+++-+-+-++---++--+--+
> {code}
> now user olaf
> {code}
> 0: jdbc:hive2://localhost:1/default> select * from bla;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: Principal [name=olaf, type=USER] does not have following
> privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW,
> name=default.bla]] (state=42000,code=4)
> {code}
> works as expected.
> _BUT_
> {code}
> 0: jdbc:hive2://localhost:1/default> truncate table bla;
> No rows affected (0,18 seconds)
> {code}
> _And table is empty afterwards_.
> Similarily: {{insert into table}} works, too.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[
https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-9941:
--
Affects Version/s: (was: 0.14.0)
1.0.0
1.2.0
> sql std authorization on partitioned table: truncate and insert
> ---
>
> Key: HIVE-9941
> URL: https://issues.apache.org/jira/browse/HIVE-9941
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.0.0, 1.2.0
>Reporter: Olaf Flebbe
>
> sql std authorization works as expected.
> However if a table is partitioned any user can truncate it
> User foo:
> {code}
> create table bla (a string) partitioned by (b string);
> #.. loading values ...
> {code}
> Admin:
> {code}
> 0: jdbc:hive2://localhost:1/default> set role admin;
> No rows affected (0,074 seconds)
> 0: jdbc:hive2://localhost:1/default> show grant on bla;
> +---+++-+-+-++---++--+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +---+++-+-+-++---++--+--+
> | default | bla|| | foo | USER
> | DELETE | true | 1426158997000 | foo |
> | default | bla|| | foo | USER
> | INSERT | true | 1426158997000 | foo |
> | default | bla|| | foo | USER
> | SELECT | true | 1426158997000 | foo |
> | default | bla|| | foo | USER
> | UPDATE | true | 1426158997000 | foo |
> +---+++-+-+-++---++--+--+
> {code}
> now user olaf
> {code}
> 0: jdbc:hive2://localhost:1/default> select * from bla;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: Principal [name=olaf, type=USER] does not have following
> privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW,
> name=default.bla]] (state=42000,code=4)
> {code}
> works as expected.
> _BUT_
> {code}
> 0: jdbc:hive2://localhost:1/default> truncate table bla;
> No rows affected (0,18 seconds)
> {code}
> _And table is empty afterwards_.
> Similarily: {{insert into table}} works, too.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-11175) create function using jar does not work with sql std authorization
[
https://issues.apache.org/jira/browse/HIVE-11175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-11175:
---
Attachment: HIVE-11175.1.patch
> create function using jar does not work with sql std authorization
> --
>
> Key: HIVE-11175
> URL: https://issues.apache.org/jira/browse/HIVE-11175
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 1.2.0
>Reporter: Olaf Flebbe
> Fix For: 2.0.0
>
> Attachments: HIVE-11175.1.patch
>
>
> {{create function xxx as 'xxx' using jar 'file://foo.jar' }}
> gives error code for need of accessing a local foo.jar resource with ADMIN
> privileges. Same for HDFS (DFS_URI) .
> problem is that the semantic analysis enforces the ADMIN privilege for write
> but the jar is clearly input not output.
> Patch und Testcase appendend.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-7451) pass function name in create/drop function to authorization api
[ https://issues.apache.org/jira/browse/HIVE-7451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olaf Flebbe updated HIVE-7451: -- Affects Version/s: (was: 1.2.0) > pass function name in create/drop function to authorization api > --- > > Key: HIVE-7451 > URL: https://issues.apache.org/jira/browse/HIVE-7451 > Project: Hive > Issue Type: Bug > Components: Authorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Fix For: 0.14.0 > > Attachments: HIVE-7451.1.patch, HIVE-7451.2.patch, HIVE-7451.3.patch, > HIVE-7451.4.patch > > > If function names are passed to the authorization api for create/drop > function calls, then authorization decisions can be made based on the > function names as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-7451) pass function name in create/drop function to authorization api
[ https://issues.apache.org/jira/browse/HIVE-7451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olaf Flebbe updated HIVE-7451: -- Affects Version/s: 1.2.0 > pass function name in create/drop function to authorization api > --- > > Key: HIVE-7451 > URL: https://issues.apache.org/jira/browse/HIVE-7451 > Project: Hive > Issue Type: Bug > Components: Authorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Fix For: 0.14.0 > > Attachments: HIVE-7451.1.patch, HIVE-7451.2.patch, HIVE-7451.3.patch, > HIVE-7451.4.patch > > > If function names are passed to the authorization api for create/drop > function calls, then authorization decisions can be made based on the > function names as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (HIVE-8953) 0.5.2-SNAPSHOT Dependency
[ https://issues.apache.org/jira/browse/HIVE-8953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olaf Flebbe resolved HIVE-8953. --- Resolution: Fixed Fix Version/s: 1.0.0 Release Note: Fixed in 1.0 > 0.5.2-SNAPSHOT Dependency > - > > Key: HIVE-8953 > URL: https://issues.apache.org/jira/browse/HIVE-8953 > Project: Hive > Issue Type: Bug >Affects Versions: 0.14.0 > Environment: Compiling for Apache BIGTOP. >Reporter: Olaf Flebbe > Fix For: 1.0.0 > > > I have the issue that hive shim 0.23 needs tez Version 0.5.2-SNAPSHOT. > Hm, I have no clue what SNAPSHOT of Apache Tez should be used. There is no > 0.5.2-SNAPSHOT in Maven Central Repository. > Can I use 0.5.2 ? (This seems to be released) > This relates to: [HIVE-8614] I have the same problem as the reporter. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[
https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olaf Flebbe updated HIVE-9941:
--
Description:
sql std authorization works as expected.
However if a table is partitioned any user can truncate it
User foo:
{code}
create table bla (a string) partitioned by (b string);
#.. loading values ...
{code}
Admin:
{code}
0: jdbc:hive2://localhost:1/default> set role admin;
No rows affected (0,074 seconds)
0: jdbc:hive2://localhost:1/default> show grant on bla;
+---+++-+-+-++---++--+--+
| database | table | partition | column | principal_name | principal_type
| privilege | grant_option | grant_time | grantor |
+---+++-+-+-++---++--+--+
| default | bla|| | foo | USER
| DELETE | true | 1426158997000 | foo |
| default | bla|| | foo | USER
| INSERT | true | 1426158997000 | foo |
| default | bla|| | foo | USER
| SELECT | true | 1426158997000 | foo |
| default | bla|| | foo | USER
| UPDATE | true | 1426158997000 | foo |
+---+++-+-+-++---++--+--+
{code}
now user olaf
{code}
0: jdbc:hive2://localhost:1/default> select * from bla;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: Principal [name=olaf, type=USER] does not have following
privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW,
name=default.bla]] (state=42000,code=4)
{code}
works as expected.
_BUT_
{code}
0: jdbc:hive2://localhost:1/default> truncate table bla;
No rows affected (0,18 seconds)
{code}
_And table is empty afterwards_.
Similarily: {{insert into table}} works, too.
was:
sql std authorization works as expected.
However if a table is partitioned any user can truncate it
User foo:
{code}
create table bla (a string) partitioned by (b string);
#.. loading values ...
{code}
Admin:
{code}
0: jdbc:hive2://localhost:1/default> set role admin;
No rows affected (0,074 seconds)
0: jdbc:hive2://localhost:1/default> show grant on bla;
+---+++-+-+-++---++--+--+
| database | table | partition | column | principal_name | principal_type
| privilege | grant_option | grant_time | grantor |
+---+++-+-+-++---++--+--+
| default | bla|| | foo | USER
| DELETE | true | 1426158997000 | foo |
| default | bla|| | foo | USER
| INSERT | true | 1426158997000 | foo |
| default | bla|| | foo | USER
| SELECT | true | 1426158997000 | foo |
| default | bla|| | foo | USER
| UPDATE | true | 1426158997000 | foo |
+---+++-+-+-++---++--+--+
{code}
now user olaf
{code}
0: jdbc:hive2://localhost:1/default> select * from bla;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: Principal [name=olaf, type=USER] does not have following
privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW,
name=default.bla]] (state=42000,code=4)
{code}
_BUT_
{code}
0: jdbc:hive2://localhost:1/default> truncate table bla;
No rows affected (0,18 seconds)
{code}
And table is empty afterwards.
Similarily: {{insert into table}} works, too.
> sql std authorization on partitioned table: truncate and insert
> ---
>
> Key: HIVE-9941
> URL: https://issues.apache.org/jira/browse/HIVE-9941
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.14.0
>Reporter: Olaf Flebbe
>
> sql std authorization works as expected.
> However if a table is partitioned any user can truncate it
> User foo:
> {code}
> create table bla (a string) partitioned by (b string);
> #.. loading values ...
> {code}
> Admin:
> {code}
> 0: jdbc:hive2:/
