[HIVE-2817] Drop any table even without privilege - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7.1, 0.8.0, 0.9.0, 0.10.0
Fix Version/s: 0.13.0
Component/s: None
Labels:
None

Hadoop Flags:

Incompatible change
Release Note:
Fix bug drop any table even without privilege

Description

You can drop any table if you use fully qualified name 'database.table' even you don't have any previlige.

hive> set hive.security.authorization.enabled=true;
hive> revoke all on default from user test_user;
hive> drop table abc;
hive> drop table abc;
Authorization failed:No privilege 'Drop' found for outputs { database:default, table:abc}. Use show grant to get more details.
hive> drop table default.abc;
OK
Time taken: 0.13 seconds

The table and the file in /usr/hive/warehouse or external file will be deleted. If you don't have hadoop access permission on /usr/hive/warehouse or external files, you will see a hadoop access error

12/02/23 15:35:35 ERROR hive.log: org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException: Permission denied: user=test_user, access=WRITE, inode="/user/myetl":myetl:etl:drwxr-xr-x
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-2817.D10371.1.patch
19/Apr/13 04:41
5 kB
Phabricator
HIVE-2817.D10563.1.patch
26/Apr/13 16:10
2 kB
Phabricator

Activity

People

Assignee:: Chun Chen

Reporter:: Benyi Wang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Feb/12 23:38

Updated:: 14/Apr/14 22:15

Resolved:: 14/Apr/14 22:15