[hive] branch master updated: HIVE-25444: Make tables based on storage handlers authorization (HIVE-24705) configurable (#3290) (originally contributed by Sai Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary)

Tue, 17 May 2022 06:19:18 -0700 

This is an automated email from the ASF dual-hosted git repository.

szita pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new aa0647e8df3 HIVE-25444: Make tables based on storage handlers 
authorization (HIVE-24705) configurable (#3290) (originally contributed by Sai 
Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary)
aa0647e8df3 is described below

commit aa0647e8df330c00d14475b68ce4201d96c06b84
Author: Adam Szita <40628386+sz...@users.noreply.github.com>
AuthorDate: Tue May 17 15:19:05 2022 +0200

    HIVE-25444: Make tables based on storage handlers authorization 
(HIVE-24705) configurable (#3290) (originally contributed by Sai Hemanth 
Gantasala, committed by Adam Szita, reviewed by Peter Vary)
---
 common/src/java/org/apache/hadoop/hive/conf/HiveConf.java              | 3 +++
 .../hive/ql/security/authorization/command/CommandAuthorizerV2.java    | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 
b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index caf223dd91b..a14872995b5 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3568,6 +3568,9 @@ public class HiveConf extends Configuration {
     HIVE_AUTHORIZATION_TASK_FACTORY("hive.security.authorization.task.factory",
         
"org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl",
         "Authorization DDL task factory implementation"),
+    
HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS("hive.security.authorization.tables.on.storagehandlers",
 true,
+        "Enables authorization on tables with custom storage handlers as 
implemented by HIVE-24705. " +
+        "Default setting is true. Useful for turning the feature off if the 
corresponding ranger patch is missing."),
 
     // if this is not set default value is set during config initialization
     // Default value can't be set in this constructor as it would refer names 
in other ConfVars
diff --git 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
index 191b27471f4..114d9b3186a 100644
--- 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
+++ 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
@@ -178,7 +178,8 @@ final class CommandAuthorizerV2 {
           tableName2Cols.get(Table.getCompleteName(table.getDbName(), 
table.getTableName()));
       hivePrivObject = new HivePrivilegeObject(privObjType, table.getDbName(), 
table.getTableName(),
           null, columns, actionType, null, null, table.getOwner(), 
table.getOwnerType());
-      if (table.getStorageHandler() != null) {
+      if (table.getStorageHandler() != null && 
HiveConf.getBoolVar(SessionState.getSessionConf(),
+          HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS)) {
         //TODO: add hive privilege object for storage based handlers for 
create and alter table commands.
         if (hiveOpType == HiveOperationType.CREATETABLE ||
                 hiveOpType == HiveOperationType.ALTERTABLE_PROPERTIES ||

Reply via email to