Hive
  1. Hive
  2. HIVE-1935

set hive.security.authorization.createtable.owner.grants to null by default

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7.0
    • Component/s: Authorization, Security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      It seems an empty setting in hive-size.xml does not overwrite hive-default.xml

      1. HIVE-1935.1.patch
        53 kB
        He Yongqiang

        Issue Links

          Activity

          Hide
          Carl Steinbach added a comment -

          Looks like this was committed on January 31st:

          2cbbccc HIVE-1935 set hive.security.authorization.createtable.owner.grants to null by default (He Yongqiang via namit)
          
          Show
          Carl Steinbach added a comment - Looks like this was committed on January 31st: 2cbbccc HIVE-1935 set hive.security.authorization.createtable.owner.grants to null by default (He Yongqiang via namit)
          Hide
          Carl Steinbach added a comment -

          This problem is related to HADOOP-1347.

          And it sounds like an immediate workaround is to reset the property value
          using " " instead of "". The root of the problem is allowing property values
          to be null-valued in the first place, and then using a serialization mechanism
          (XML) that can't differentiate between null and empty-string.

          Since we already allow the user to specify "All", maybe the real solution to this
          problem (given the limitations of o.a.h.conf.Configuration and XML) is to also
          allow the user to to specify "None".

          Show
          Carl Steinbach added a comment - This problem is related to HADOOP-1347 . And it sounds like an immediate workaround is to reset the property value using " " instead of "". The root of the problem is allowing property values to be null-valued in the first place, and then using a serialization mechanism (XML) that can't differentiate between null and empty-string. Since we already allow the user to specify "All", maybe the real solution to this problem (given the limitations of o.a.h.conf.Configuration and XML) is to also allow the user to to specify "None".
          Hide
          He Yongqiang added a comment -

          @Carl, agree. If we can find a way to avoid setting them to null in default, that will be great.
          But the problem seems come from hadoop's Configuration or Java's Properties.

          Show
          He Yongqiang added a comment - @Carl, agree. If we can find a way to avoid setting them to null in default, that will be great. But the problem seems come from hadoop's Configuration or Java's Properties.
          Hide
          Carl Steinbach added a comment -

          This patch changes the default value of hive.security.authorization.createtable.owner.grants
          from "All" to null, which means that by default users will not have the ability to access tables
          that they have created, right?

          If that's the case then I think you should really fix the underlying problem in HiveConf instead
          of working around it by creating a default setting that virtually everyone will end up having
          to reset in hive-site.xml

          Show
          Carl Steinbach added a comment - This patch changes the default value of hive.security.authorization.createtable.owner.grants from "All" to null, which means that by default users will not have the ability to access tables that they have created, right? If that's the case then I think you should really fix the underlying problem in HiveConf instead of working around it by creating a default setting that virtually everyone will end up having to reset in hive-site.xml
          Hide
          Namit Jain added a comment -

          +1

          Show
          Namit Jain added a comment - +1
          Hide
          He Yongqiang added a comment -

          There are basically 2 lines of change. Mostly are overwrite of test files.

          Show
          He Yongqiang added a comment - There are basically 2 lines of change. Mostly are overwrite of test files.

            People

            • Assignee:
              He Yongqiang
              Reporter:
              He Yongqiang
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development