[HIVE-15120] Storage based auth: allow option to enforce write checks for external tables - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.0, 2.2.0
Component/s: Authorization
Labels:
- TODOC1.3
- TODOC2.2

Hadoop Flags:

Reviewed

Description

Under storage based authorization, we don't require write permissions on table directory for external table create/drop.
This is because external table contents are populated often from outside of hive and are not written into from hive. So write access is not needed. Also, we can't require write permissions to drop a table if we don't require them for creation (users who created them should be able to drop them).

However, this difference in behavior of external tables is not well documented. So users get surprised to learn that drop table can be done by just any user who has read access to the directory. At that point changing the large number of scripts that use external tables is hard.
It would be good to have a user config option to have external tables to be treated same as managed tables.
The option should be off by default, so that the behavior is backward compatible by default.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-15120.1.patch
04/Nov/16 22:37
6 kB
Daniel Dai
HIVE-15120.2.patch
07/Nov/16 21:27
6 kB
Daniel Dai
HIVE-15120.3.patch
08/Nov/16 01:39
7 kB
Daniel Dai
HIVE-15120.4.patch
08/Nov/16 23:28
7 kB
Daniel Dai

Activity

People

Assignee:: Daniel Dai

Reporter:: Thejas Nair

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 03/Nov/16 18:22

Updated:: 08/Dec/17 00:30

Resolved:: 08/Nov/16 23:51