[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with `RangerHiveAuthorizer`. In case of
temporary/non-existing table, empty input and output HivePrivilege Objects are
sent to Ranger authorizer and after
https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
built from command in case of empty objects. Hence, the drop table if Exists
command fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with `RangerHiveAuthorizer`. In case of
temporary/non-existing table, empty input and output HivePrivilege Objects are
sent to Ranger authorizer and after
https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
built from command in case of empty objects. Hence , the drop table if Exists
command fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), the authorizer will verify privileges for
> the database object.
> This would also prevent DROP TABLE IF EXISTS command failure for temporary or
> non-existing tables with `RangerHiveAuthorizer`. In case of
> temporary/non-existing table, empty input and output HivePrivilege Objects
> are sent to Ranger authorizer and after
> https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
> built from command in case of empty objects. Hence, the drop table if Exists
> command fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with `RangerHiveAuthorizer`. In case of
temporary/non-existing table, empty input and output HivePrivilege Objects are
sent to Ranger authorizer and after
https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
built from command in case of empty objects. Hence , the drop table if Exists
command fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with Ranger. In case of temporary/non-existing table, empty
input and output HivePrivilege Objects are sent to Ranger authorizer and after
https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
build from command in case of empty objects. Hence
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), the authorizer will verify privileges for
> the database object.
> This would also prevent DROP TABLE IF EXISTS command failure for temporary or
> non-existing tables with `RangerHiveAuthorizer`. In case of
> temporary/non-existing table, empty input and output HivePrivilege Objects
> are sent to Ranger authorizer and after
> https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
> built from command in case of empty objects. Hence , the drop table if Exists
> command fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with Ranger. In case of temporary/non-existing table, empty
input and output HivePrivilege Objects are sent to Ranger authorizer and after
https://issues.apache.org/jira/browse/RANGER-3407 authorization request is
build from command in case of empty objects. Hence
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with Ranger. In case of temporary/non-existing table, empty
input and output HivePrivilege Objects are sent to Ranger authroizer
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), the authorizer will verify privileges for
> the database object.
> This would also prevent DROP TABLE IF EXISTS command failure for temporary or
> non-existing tables with Ranger. In case of temporary/non-existing table,
> empty input and output HivePrivilege Objects are sent to Ranger authorizer
> and after https://issues.apache.org/jira/browse/RANGER-3407 authorization
> request is build from command in case of empty objects. Hence
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing tables with Ranger. In case of temporary/non-existing table, empty
input and output HivePrivilege Objects are sent to Ranger authroizer
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing table with Ranger
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), the authorizer will verify privileges for
> the database object.
> This would also prevent DROP TABLE IF EXISTS command failure for temporary or
> non-existing tables with Ranger. In case of temporary/non-existing table,
> empty input and output HivePrivilege Objects are sent to Ranger authroizer
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This would also prevent DROP TABLE IF EXISTS command failure for temporary or
non-existing table with Ranger
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This also prevent
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), the authorizer will verify privileges for
> the database object.
> This would also prevent DROP TABLE IF EXISTS command failure for temporary or
> non-existing table with Ranger
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), the authorizer will verify privileges for the
database object.
This also prevent
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), authorizer will verify privileges for database
object.
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), the authorizer will verify privileges for
> the database object.
> This also prevent
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), authorizer will verify privileges for database
object.
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), database object would be sent
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), authorizer will verify privileges for
> database object.
>
> Also, In case of a temporary table drop, empty input, and output
> HivePrivilegeObject are sent to the authorizer as temporary tables are
> skipped from authorization.
> h3. What changes were proposed in this pull request?
> Authorize write actions on the database during drop table action, and add the
> database object to the list of output objects sent for verifying privileges.
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of a non-existent table or temporary table (skipped from
authorization after HIVE-20051), database object would be sent
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of non-existent table or temporary table (skipped from
authorization )
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of a non-existent table or temporary table (skipped from
> authorization after HIVE-20051), database object would be sent
>
> Also, In case of a temporary table drop, empty input, and output
> HivePrivilegeObject are sent to the authorizer as temporary tables are
> skipped from authorization.
> h3. What changes were proposed in this pull request?
> Authorize write actions on the database during drop table action, and add the
> database object to the list of output objects sent for verifying privileges.
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with the table object to the
list of output objects sent for verifying privileges. This change would ensure
that in case of non-existent table or temporary table (skipped from
authorization )
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with table object to the list
of output objects sent for verifying privileges
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with the table object to the
> list of output objects sent for verifying privileges. This change would
> ensure that in case of non-existent table or temporary table (skipped from
> authorization )
>
> Also, In case of a temporary table drop, empty input, and output
> HivePrivilegeObject are sent to the authorizer as temporary tables are
> skipped from authorization.
> h3. What changes were proposed in this pull request?
> Authorize write actions on the database during drop table action, and add the
> database object to the list of output objects sent for verifying privileges.
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
Include authorization of the database object during the "drop table" command.
Similar to "Create table", DB permissions should be verified in the case of
"drop table" too. Add the database object along with table object to the list
of output objects sent for verifying privileges
Also, In case of a temporary table drop, empty input, and output
HivePrivilegeObject are sent to the authorizer as temporary tables are skipped
from authorization.
h3. What changes were proposed in this pull request?
Authorize write actions on the database during drop table action, and add the
database object to the list of output objects sent for verifying privileges.
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Include authorization of the database object during the "drop table" command.
> Similar to "Create table", DB permissions should be verified in the case of
> "drop table" too. Add the database object along with table object to the list
> of output objects sent for verifying privileges
>
> Also, In case of a temporary table drop, empty input, and output
> HivePrivilegeObject are sent to the authorizer as temporary tables are
> skipped from authorization.
> h3. What changes were proposed in this pull request?
> Authorize write actions on the database during drop table action, and add the
> database object to the list of output objects sent for verifying privileges.
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Description:
the drop table if Exists fails with HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
was:
https://issues.apache.org/jira/browse/HIVE-20051 handles skipping authorization
for temporary tables. But still, the drop table if Exists fails with
HiveAccessControlException.
Steps to Repro:
{code:java}
use test; CREATE TEMPORARY TABLE temp_table (id int);
drop table if exists test.temp_table;
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [rtrivedi] does not have [DROP] privilege on
[test/temp_table] (state=42000,code=4) {code}
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> the drop table if Exists fails with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[
https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi updated HIVE-27195:
Summary: Add database authorization for drop table command (was: Drop
table if Exists . fails during authorization for temporary
tables)
> Add database authorization for drop table command
> -
>
> Key: HIVE-27195
> URL: https://issues.apache.org/jira/browse/HIVE-27195
> Project: Hive
> Issue Type: Bug
>Reporter: Riju Trivedi
>Assignee: Riju Trivedi
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> https://issues.apache.org/jira/browse/HIVE-20051 handles skipping
> authorization for temporary tables. But still, the drop table if Exists fails
> with HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [rtrivedi] does not have [DROP] privilege on
> [test/temp_table] (state=42000,code=4) {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
