[HIVE-7872] StorageBasedAuthorizationProvider should check access perms of parent directory for DROP actions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: Authorization
Labels:
None

Description

When dropping a table partition, StorageBasedAuthorizationProvider is checking for write permission on the partition directory itself to check if the user is allowed to drop the partition. However to delete the partition directory, you really need write perms on the parent directory of the file you are going to delete. So SBA will authorize the user to drop the partition but actually deleting the partition directory will fail if the user does not have the correct access on the table (parent) directory.

SBA should also check the parent directory for DROP actions during its auth check.

Attachments

Issue Links

is superceded by

HIVE-7895 Storage based authorization should consider sticky bit for drop actions

Closed

Activity

People

Assignee:: Thejas Nair

Reporter:: Jason Dere

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Aug/14 19:22

Updated:: 30/Aug/14 00:25

Resolved:: 30/Aug/14 00:25