This is an automated email from the ASF dual-hosted git repository. szita pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push: new aa0647e8df3 HIVE-25444: Make tables based on storage handlers authorization (HIVE-24705) configurable (#3290) (originally contributed by Sai Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary) aa0647e8df3 is described below commit aa0647e8df330c00d14475b68ce4201d96c06b84 Author: Adam Szita <40628386+sz...@users.noreply.github.com> AuthorDate: Tue May 17 15:19:05 2022 +0200 HIVE-25444: Make tables based on storage handlers authorization (HIVE-24705) configurable (#3290) (originally contributed by Sai Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary) --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java | 3 +++ .../hive/ql/security/authorization/command/CommandAuthorizerV2.java | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index caf223dd91b..a14872995b5 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -3568,6 +3568,9 @@ public class HiveConf extends Configuration { HIVE_AUTHORIZATION_TASK_FACTORY("hive.security.authorization.task.factory", "org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl", "Authorization DDL task factory implementation"), + HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS("hive.security.authorization.tables.on.storagehandlers", true, + "Enables authorization on tables with custom storage handlers as implemented by HIVE-24705. " + + "Default setting is true. Useful for turning the feature off if the corresponding ranger patch is missing."), // if this is not set default value is set during config initialization // Default value can't be set in this constructor as it would refer names in other ConfVars diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java index 191b27471f4..114d9b3186a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java @@ -178,7 +178,8 @@ final class CommandAuthorizerV2 { tableName2Cols.get(Table.getCompleteName(table.getDbName(), table.getTableName())); hivePrivObject = new HivePrivilegeObject(privObjType, table.getDbName(), table.getTableName(), null, columns, actionType, null, null, table.getOwner(), table.getOwnerType()); - if (table.getStorageHandler() != null) { + if (table.getStorageHandler() != null && HiveConf.getBoolVar(SessionState.getSessionConf(), + HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS)) { //TODO: add hive privilege object for storage based handlers for create and alter table commands. if (hiveOpType == HiveOperationType.CREATETABLE || hiveOpType == HiveOperationType.ALTERTABLE_PROPERTIES ||