Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.0
    • Component/s: None
    • Labels:
      None

      Description

      dHere is a use case. They have a base table t1, from which they create a view v1. They further create a view v2 from v1 by applying a filter. User has access to only view v2, not view v1 or table t1. When user tries to access v2, they are denied access.

      Steps to recreate:
      There is a base table t1 that exists in the default database with primary key id and some employee data (name, ssn etc)
      Create view v1 - “create view v1 as select * from default.t1;”
      Created v2 - “create view v2 as select * from v1 where id =1;”

      Permissions provided for user to select all columns from view v2. When user runs select * from v2, hive throws an error “user does not have permissions to select view v1".

      Apparently Hive is converting the query to underlying views.
      SELECT * FROM v2 LIMIT 100
      To
      select `v1`.`id`, `v1`.`name`, `v1`.`ssn`, `v1`.`join_date`, `v1`.`location` from `hr`.`v1` where `v1`.`id`=1

      Hive should only check for permissions for the view being run in the query, not any parent views. (This is consistent with ORACLE).

        Attachments

        1. HIVE-13198.01.patch
          53 kB
          Pengcheng Xiong
        2. HIVE-13198.02.patch
          58 kB
          Pengcheng Xiong

          Issue Links

            Activity

              People

              • Assignee:
                pxiong Pengcheng Xiong
                Reporter:
                pxiong Pengcheng Xiong
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: