Create table via spark-shell creates 4 privileges "INSERT,SELECT,UPDATE,DELETE" via table owner grants config whereas when we create an external table through hiveserver2 (using client like beeline) it doesn't create any owner privileges which is the desired condition.
Note: In Hive's hive-site.xml, the following is set:
Also the setup is kerberized and uses ranger as an authorization service.
So, when we create a table via spark-shell we shouldn't set hive.security.authorization.createtable.owner.grants in the code https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java#L625 instead it should be picked using hive-site.xml. (which is already done in CreateTableAutomaticGrants class).
The side effect of having table owner privileges set in the code, is that the TBL_PRIVS table in RDBMS is growing with every create table command.
- links to