Hive
  1. Hive
  2. HIVE-5837 SQL standard based secure authorization for hive
  3. HIVE-6371

sql std auth - revoke privileges api in metastore should check grantor user

    Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Authorization
    • Labels:
      None

      Description

      revoke privilege statement should remove only the privileges granted by the user who is running the command. But the metastore api does not restrict the privileges being dropped by the grantor field of the privilege.
      This should be supported through metastore api.

        Activity

        Hide
        Thejas M Nair added a comment -

        Thanks to Jason Dere for going through this issue and identifying the roadblocks.

        Show
        Thejas M Nair added a comment - Thanks to Jason Dere for going through this issue and identifying the roadblocks.
        Hide
        Thejas M Nair added a comment -

        There is no clear way to implement this because SQL standard authorization is supporting multiple concurrent roles. So the 'grantor' who granted the privilege is not clear.

        Show
        Thejas M Nair added a comment - There is no clear way to implement this because SQL standard authorization is supporting multiple concurrent roles. So the 'grantor' who granted the privilege is not clear.

          People

          • Assignee:
            Unassigned
            Reporter:
            Thejas M Nair
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 24h
              24h
              Remaining:
              Remaining Estimate - 24h
              24h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development