[HIVE-8221] authorize additional metadata read operations in metastore storage based authorization - ASF JIRA

XML

Word

Printable

JSON

Release Note:

Hide
Storagebased authorization now authorizes read privilege on database and tables. get_database api call needs database directory read privilege. get_table_* calls that fetch table information and get_partition_* calls to list the partitions of a table require read privilege on the table directory.
. It is enabled by default with Storagebased authorization. Set hive.security.metastore.authorization.auth.reads=false to disable this check in storage based authorization.

Show
Storagebased authorization now authorizes read privilege on database and tables. get_database api call needs database directory read privilege. get_table_* calls that fetch table information and get_partition_* calls to list the partitions of a table require read privilege on the table directory. . It is enabled by default with Storagebased authorization. Set hive.security.metastore.authorization.auth.reads=false to disable this check in storage based authorization.

Table and database metadata read operations should also be authorized by storage based authorization, when enabled in hive metastore.

relates to

HIVE-8287 Metadata action errors don't have information about cause

links to

review board