[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with `RangerHiveAuthorizer`. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authorizer and after https://issues.apache.org/jira/browse/RANGER-3407 authorization request is built from command in case of empty objects. Hence, the drop table if Exists command fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with `RangerHiveAuthorizer`. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authorizer and after https://issues.apache.org/jira/browse/RANGER-3407 authorization request is built from command in case of empty objects. Hence , the drop table if Exists command fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This would also prevent DROP TABLE IF EXISTS command failure for temporary or > non-existing tables with `RangerHiveAuthorizer`. In case of > temporary/non-existing table, empty input and output HivePrivilege Objects > are sent to Ranger authorizer and after > https://issues.apache.org/jira/browse/RANGER-3407 authorization request is > built from command in case of empty objects. Hence, the drop table if Exists > command fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with `RangerHiveAuthorizer`. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authorizer and after https://issues.apache.org/jira/browse/RANGER-3407 authorization request is built from command in case of empty objects. Hence , the drop table if Exists command fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with Ranger. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authorizer and after https://issues.apache.org/jira/browse/RANGER-3407 authorization request is build from command in case of empty objects. Hence the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This would also prevent DROP TABLE IF EXISTS command failure for temporary or > non-existing tables with `RangerHiveAuthorizer`. In case of > temporary/non-existing table, empty input and output HivePrivilege Objects > are sent to Ranger authorizer and after > https://issues.apache.org/jira/browse/RANGER-3407 authorization request is > built from command in case of empty objects. Hence , the drop table if Exists > command fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with Ranger. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authorizer and after https://issues.apache.org/jira/browse/RANGER-3407 authorization request is build from command in case of empty objects. Hence the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with Ranger. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authroizer the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This would also prevent DROP TABLE IF EXISTS command failure for temporary or > non-existing tables with Ranger. In case of temporary/non-existing table, > empty input and output HivePrivilege Objects are sent to Ranger authorizer > and after https://issues.apache.org/jira/browse/RANGER-3407 authorization > request is build from command in case of empty objects. Hence > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing tables with Ranger. In case of temporary/non-existing table, empty input and output HivePrivilege Objects are sent to Ranger authroizer the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing table with Ranger the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This would also prevent DROP TABLE IF EXISTS command failure for temporary or > non-existing tables with Ranger. In case of temporary/non-existing table, > empty input and output HivePrivilege Objects are sent to Ranger authroizer > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This would also prevent DROP TABLE IF EXISTS command failure for temporary or non-existing table with Ranger the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This also prevent the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This would also prevent DROP TABLE IF EXISTS command failure for temporary or > non-existing table with Ranger > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), the authorizer will verify privileges for the database object. This also prevent the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), authorizer will verify privileges for database object. Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), the authorizer will verify privileges for > the database object. > This also prevent > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), authorizer will verify privileges for database object. Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), database object would be sent Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), authorizer will verify privileges for > database object. > > Also, In case of a temporary table drop, empty input, and output > HivePrivilegeObject are sent to the authorizer as temporary tables are > skipped from authorization. > h3. What changes were proposed in this pull request? > Authorize write actions on the database during drop table action, and add the > database object to the list of output objects sent for verifying privileges. > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of a non-existent table or temporary table (skipped from authorization after HIVE-20051), database object would be sent Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of non-existent table or temporary table (skipped from authorization ) Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of a non-existent table or temporary table (skipped from > authorization after HIVE-20051), database object would be sent > > Also, In case of a temporary table drop, empty input, and output > HivePrivilegeObject are sent to the authorizer as temporary tables are > skipped from authorization. > h3. What changes were proposed in this pull request? > Authorize write actions on the database during drop table action, and add the > database object to the list of output objects sent for verifying privileges. > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with the table object to the list of output objects sent for verifying privileges. This change would ensure that in case of non-existent table or temporary table (skipped from authorization ) Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with table object to the list of output objects sent for verifying privileges Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with the table object to the > list of output objects sent for verifying privileges. This change would > ensure that in case of non-existent table or temporary table (skipped from > authorization ) > > Also, In case of a temporary table drop, empty input, and output > HivePrivilegeObject are sent to the authorizer as temporary tables are > skipped from authorization. > h3. What changes were proposed in this pull request? > Authorize write actions on the database during drop table action, and add the > database object to the list of output objects sent for verifying privileges. > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: Include authorization of the database object during the "drop table" command. Similar to "Create table", DB permissions should be verified in the case of "drop table" too. Add the database object along with table object to the list of output objects sent for verifying privileges Also, In case of a temporary table drop, empty input, and output HivePrivilegeObject are sent to the authorizer as temporary tables are skipped from authorization. h3. What changes were proposed in this pull request? Authorize write actions on the database during drop table action, and add the database object to the list of output objects sent for verifying privileges. the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Include authorization of the database object during the "drop table" command. > Similar to "Create table", DB permissions should be verified in the case of > "drop table" too. Add the database object along with table object to the list > of output objects sent for verifying privileges > > Also, In case of a temporary table drop, empty input, and output > HivePrivilegeObject are sent to the authorizer as temporary tables are > skipped from authorization. > h3. What changes were proposed in this pull request? > Authorize write actions on the database during drop table action, and add the > database object to the list of output objects sent for verifying privileges. > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Description: the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} was: https://issues.apache.org/jira/browse/HIVE-20051 handles skipping authorization for temporary tables. But still, the drop table if Exists fails with HiveAccessControlException. Steps to Repro: {code:java} use test; CREATE TEMPORARY TABLE temp_table (id int); drop table if exists test.temp_table; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rtrivedi] does not have [DROP] privilege on [test/temp_table] (state=42000,code=4) {code} > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > the drop table if Exists fails with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HIVE-27195) Add database authorization for drop table command
[ https://issues.apache.org/jira/browse/HIVE-27195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Riju Trivedi updated HIVE-27195: Summary: Add database authorization for drop table command (was: Drop table if Exists . fails during authorization for temporary tables) > Add database authorization for drop table command > - > > Key: HIVE-27195 > URL: https://issues.apache.org/jira/browse/HIVE-27195 > Project: Hive > Issue Type: Bug >Reporter: Riju Trivedi >Assignee: Riju Trivedi >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > https://issues.apache.org/jira/browse/HIVE-20051 handles skipping > authorization for temporary tables. But still, the drop table if Exists fails > with HiveAccessControlException. > Steps to Repro: > {code:java} > use test; CREATE TEMPORARY TABLE temp_table (id int); > drop table if exists test.temp_table; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [rtrivedi] does not have [DROP] privilege on > [test/temp_table] (state=42000,code=4) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)