Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-20818

Views created with a WHERE subquery will regard views referenced in the subquery as direct input

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.0
    • Component/s: None
    • Labels:
      None

      Description

      If Hive is configured with an authorization hook like Sentry, and a view is created with a WHERE clause referencing a different view' user has no access to, user cannot access the view as view' is considered direct input.

      For example:

      create database db1;
      create database db2;
      create database db3;
       
      create table db1.table1 (cola string, colb string, colc string);
      insert into db1.table1 values ('a','b','c');
      insert into db1.table1 values ('x','y','z');
      CREATE VIEW db2.view1 AS SELECT cola, colb, colc FROM db1.table1 WHERE cola="x"; 
      CREATE VIEW db2.view2 AS SELECT table1.cola, table1.colb, table1.colc FROM db1.table1 WHERE table1.cola NOT IN (SELECT view1.cola FROM db2.view1); 
      create view db3.view3 as select * from db2.view2
      

       If test_user has read permission for only db3 (but not db1 or db2), their query

      select * from db3.view3;

      will fail with :

      Error while compiling statement: FAILED: SemanticException No valid privileges User test_user does not have privileges for QUERY The required privileges: Server=server1->Db=db2->Table=view1->action=select; 

      WHERE IN and WHERE EXISTS cause the same issue.

      Cascading views created with no WHERE clauses (i.e. with simple SELECTs and FROM clauses) work fine.

        Attachments

        1. HIVE-20818.patch
          4 kB
          Karen Coppage
        2. HIVE-20818.6.patch
          9 kB
          Karen Coppage
        3. HIVE-20818.5.patch
          8 kB
          Karen Coppage
        4. HIVE-20818.4.patch
          5 kB
          Karen Coppage
        5. HIVE-20818.3.patch
          5 kB
          Karen Coppage
        6. HIVE-20818.2.patch
          5 kB
          Karen Coppage

          Issue Links

            Activity

              People

              • Assignee:
                klcopp Karen Coppage
                Reporter:
                klcopp Karen Coppage
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: