Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-9681

Extend HiveAuthorizationProvider to support partition-sets.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.14.0
    • 1.2.0
    • Security
    • None

    Description

      HiveAuthorizationProvider allows only for the authorization of a single partition at a time. For instance, when the StorageBasedAuthProvider must authorize an operation on a set of partitions (say from a PreDropPartitionEvent), each partition's data-directory needs to be checked individually. For N partitions, this results in N namenode calls.

      I'd like to add authorize() overloads that accept multiple partitions. This will allow StorageBasedAuthProvider to make batched namenode calls.

      P.S. There's 2 further optimizations that are possible:

      1. In the ideal case, we'd have a single call in org.apache.hadoop.fs.FileSystem to check access for an array of Paths, something like:

      FileSystem.java
      @InterfaceAudience.LimitedPrivate({"HDFS", "Hive"})
        public void access(Path [] paths, FsAction mode) throws AccessControlException, FileNotFoundException, IOException 
      {...}
      

      2. We can go one better if we could retrieve partition-locations in DirectSQL and use those for authorization. The EventListener-abstraction behind which the AuthProviders operate make this difficult. I can attempt to solve this using a PartitionSpec and a call-back into the ObjectStore from StorageBasedAuthProvider. I'll save this rigmarole for later.

      Attachments

        1. HIVE-9681.1.patch
          7 kB
          Mithun Radhakrishnan
        2. HIVE-9681.2.patch
          6 kB
          Mithun Radhakrishnan

        Issue Links

          Activity

            People

              mithun Mithun Radhakrishnan
              mithun Mithun Radhakrishnan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: