Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-9681

Extend HiveAuthorizationProvider to support partition-sets.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.14.0
    • Fix Version/s: 1.2.0
    • Component/s: Security
    • Labels:
      None

      Description

      HiveAuthorizationProvider allows only for the authorization of a single partition at a time. For instance, when the StorageBasedAuthProvider must authorize an operation on a set of partitions (say from a PreDropPartitionEvent), each partition's data-directory needs to be checked individually. For N partitions, this results in N namenode calls.

      I'd like to add authorize() overloads that accept multiple partitions. This will allow StorageBasedAuthProvider to make batched namenode calls.

      P.S. There's 2 further optimizations that are possible:

      1. In the ideal case, we'd have a single call in org.apache.hadoop.fs.FileSystem to check access for an array of Paths, something like:

      FileSystem.java
      @InterfaceAudience.LimitedPrivate({"HDFS", "Hive"})
        public void access(Path [] paths, FsAction mode) throws AccessControlException, FileNotFoundException, IOException 
      {...}
      

      2. We can go one better if we could retrieve partition-locations in DirectSQL and use those for authorization. The EventListener-abstraction behind which the AuthProviders operate make this difficult. I can attempt to solve this using a PartitionSpec and a call-back into the ObjectStore from StorageBasedAuthProvider. I'll save this rigmarole for later.

        Attachments

        1. HIVE-9681.2.patch
          6 kB
          Mithun Radhakrishnan
        2. HIVE-9681.1.patch
          7 kB
          Mithun Radhakrishnan

          Issue Links

            Activity

              People

              • Assignee:
                mithun Mithun Radhakrishnan
                Reporter:
                mithun Mithun Radhakrishnan
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: