[jira] [Comment Edited] (HIVE-27195) Add database authorization for drop table command

2023-07-23 Thread Riju Trivedi (Jira)


[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17746119#comment-17746119 ]

Riju Trivedi edited comment on HIVE-27195 at 7/23/23 6:40 PM:
--

Thank you Stamatis for reviewing.
 * These tests have `hive.exec.drop.ignorenonexistent` at its default of True, hence
the behavior of DROP TABLE is a NOOP. I have added one more test with
`hive.exec.drop.ignorenonexistent` set to False, where DROP TABLE without IF EXISTS
returns an error.

 * Agreed, updated tests to remove grant on tables.

 * CREATE TABLE *IF NOT EXISTS* also throws an authentication error in case
the table is already there. So, it is consistent with DROP TABLE IF EXISTS for
non-existing tables.


was (Author: rtrivedi12):
Thank you Stamatis for reviewing.
 # These tests have `hive.exec.drop.ignorenonexistent` at its default of True, hence
the behavior of DROP TABLE is a NOOP. I have added one more test with
`hive.exec.drop.ignorenonexistent` set to False, where DROP TABLE without IF EXISTS
returns an error.
 # Agreed, updated tests to remove grant on tables.
 # CREATE TABLE *IF NOT EXISTS* also throws an authentication error in case
the table is already there.

> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
> Reporter: Riju Trivedi
> Assignee: Riju Trivedi
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command. 
> Similar to "Create table", DB permissions should be verified in the case of 
> "drop table" too. Add the database object along with the table object to the 
> list of output objects sent for verifying privileges. This change would 
> ensure that in case of a non-existent table or temporary table (skipped from 
> authorization after HIVE-20051), the authorizer will verify privileges for 
> the database object.
> This would also prevent DROP TABLE IF EXISTS command failure for temporary or 
> non-existing tables with `RangerHiveAuthorizer`. In the case of a 
> temporary/non-existing table, empty input and output HivePrivilege Objects 
> are sent to the Ranger authorizer, and after 
> https://issues.apache.org/jira/browse/RANGER-3407 the authorization request is 
> built from the command in case of empty objects. Hence, the DROP TABLE IF EXISTS 
> command fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [rtrivedi] does not have [DROP] privilege on 
> [test/temp_table] (state=42000,code=4)
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Comment Edited] (HIVE-27195) Add database authorization for drop table command

2023-07-19 Thread Stamatis Zampetakis (Jira)


[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17744625#comment-17744625 ]

Stamatis Zampetakis edited comment on HIVE-27195 at 7/19/23 1:24 PM:
-

[~rtrivedi12] Thanks for adding more test cases to the PR. Based on what edge 
cases we have seen so far internally, I think we may need a few more scenarios 
to consider.

I created a Google
[spreadsheet|https://docs.google.com/spreadsheets/d/1CJ1U0LOCpK7TfxY5RSSM4Wmbmt7GiKt5VQrWt1x2tfs/edit?usp=sharing]
in an attempt to enumerate all the scenarios that we would like to test based
on the following boolean questions:
* Does the user perform the DROP TABLE statement from the current database?
* Does the user have the DROP privilege on the database where the table belongs?
* Does the table (which is being dropped) exist?
* Is the table temporary or regular? 
* Does the DROP statement contain the IF EXISTS clause?

This totals to 2^5 = 32 test cases (+2 for testing also what happens when the
database does not exist) that we would like to have. It would be great if we
can create these test cases as part of this PR and fill in the respective
spreadsheet. Some of them may exist already so feel free to skip them if that's
the case.








--
This message was sent by Atlassian Jira
(v8.20.10#820010)
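The 2^5 scenario matrix from the review comment, run through a simplified model of the privilege objects described in the issue; this is an added example, not Hive or Ranger code and not part of either message. The function names, the grant sets, the command-based fallback rule in `authorize` and the use of the `default` database for "not the table's database" are assumptions built from the description; only the `test`/`temp_table` names come from the repro.

```python
from itertools import product

DB, TABLE = "test", "temp_table"   # names taken from the repro in the issue

def output_objects(exists, temporary, include_db):
    """Privilege objects sent to the authorizer for DROP TABLE (simplified model).

    Temporary and non-existent tables contribute no table object; include_db
    models the proposed change of always adding the database object."""
    objs = [("DATABASE", DB)] if include_db else []
    if exists and not temporary:
        objs.append(("TABLE", f"{DB}.{TABLE}"))
    return objs

def authorize(objs, grants):
    """Toy authorizer (assumption): with no objects it falls back to the resource
    named in the command, the behaviour the issue attributes to RANGER-3407."""
    if not objs:
        objs = [("TABLE", f"{DB}.{TABLE}")]
    return all(o in grants for o in objs)

def scenarios():
    """The 2^5 matrix from the review comment, one dict per test case."""
    keys = ("from_current_db", "has_db_drop", "exists", "temporary", "if_exists")
    for bits in product((True, False), repeat=len(keys)):
        s = dict(zip(keys, bits))
        name = TABLE if s["from_current_db"] else f"{DB}.{TABLE}"
        use = DB if s["from_current_db"] else "default"
        s["sql"] = f"USE {use}; DROP TABLE {'IF EXISTS ' if s['if_exists'] else ''}{name};"
        yield s

def evaluate(s, include_db):
    """True if the model allows the DROP; grants hold only a database-level DROP."""
    grants = {("DATABASE", DB)} if s["has_db_drop"] else set()
    return authorize(output_objects(s["exists"], s["temporary"], include_db), grants)

if __name__ == "__main__":
    for s in scenarios():
        if s["exists"] and not s["temporary"]:
            continue  # regular existing tables also need a table-level decision
        print(f"{s['sql']:<50} db_drop={s['has_db_drop']!s:<5} "
              f"before={evaluate(s, False)!s:<5} after={evaluate(s, True)}")
```
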