Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-9941

sql std authorization on partitioned table: truncate and insert

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0, 1.2.0
    • Fix Version/s: 2.2.0
    • Component/s: Authorization
    • Labels:
      None
    • Target Version/s:

      Description

      sql std authorization works as expected.

      However if a table is partitioned any user can truncate it
      User foo:

      create table bla (a string) partitioned by (b string);
      #.. loading values ...
      

      Admin:

      0: jdbc:hive2://localhost:10000/default> set role admin;
      No rows affected (0,074 seconds)
      0: jdbc:hive2://localhost:10000/default> show grant on bla;
      +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
      | database  | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
      +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
      | default   | bla    |            |         | foo             | USER            | DELETE     | true          | 1426158997000  | foo      |
      | default   | bla    |            |         | foo             | USER            | INSERT     | true          | 1426158997000  | foo      |
      | default   | bla    |            |         | foo             | USER            | SELECT     | true          | 1426158997000  | foo      |
      | default   | bla    |            |         | foo             | USER            | UPDATE     | true          | 1426158997000  | foo      |
      +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
      

      now user olaf

      0: jdbc:hive2://localhost:10000/default> select * from bla;
      Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: Principal [name=olaf, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.bla]] (state=42000,code=40000)
      

      works as expected.

      BUT

      0: jdbc:hive2://localhost:10000/default> truncate table bla;
      No rows affected (0,18 seconds)
      

      And table is empty afterwards.

      Similarily: insert into table works, too.

        Attachments

        1. HIVE-9941.3.patch
          9 kB
          Sushanth Sowmyan
        2. HIVE-9941.2.patch
          4 kB
          Sushanth Sowmyan
        3. HIVE-9941.patch
          2 kB
          Sushanth Sowmyan

          Issue Links

            Activity

              People

              • Assignee:
                sushanth Sushanth Sowmyan
                Reporter:
                oflebbe Olaf Flebbe
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: