[HIVE-25547] ALTER VIEW AS SELECT statement should create authorizable events in HiveServer2 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.0
Fix Version/s: 4.0.0-alpha-1
Component/s: None
Labels:
- pull-request-available
- release-3.1.3

Description

Consider the scenario:

-- A privileged user is doing the following actions.
Create table foo_tbl(i int);
Create table foo_bar(name string);
Create view foo_view as select * from foo_tbl;

-- An unprivileged user can do the following operation, when he/she has select privileges on foo_bar table but he/she doesn't have any privileges on foo_tbl or foo_view.
alter view foo_view as select * from foo_bar;

An unauthorized user shouldn't be able to alter the view schema when he/she doesn't have any privileges on that view.

Attachments

Issue Links

links to

GitHub Pull Request #2666

Activity

People

Assignee:: Sai Hemanth Gantasala

Reporter:: Sai Hemanth Gantasala

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Sep/21 15:55

Updated:: 11/May/23 16:59

Resolved:: 22/Oct/21 15:57

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

50m