Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-9941

sql std authorization on partitioned table: truncate and insert

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.0.0, 1.2.0
    • 2.2.0
    • Authorization
    • None

    Description

      sql std authorization works as expected.

      However if a table is partitioned any user can truncate it
      User foo:

      create table bla (a string) partitioned by (b string);
      #.. loading values ...
      

      Admin:

      0: jdbc:hive2://localhost:10000/default> set role admin;
      No rows affected (0,074 seconds)
      0: jdbc:hive2://localhost:10000/default> show grant on bla;
      +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
      | database  | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
      +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
      | default   | bla    |            |         | foo             | USER            | DELETE     | true          | 1426158997000  | foo      |
      | default   | bla    |            |         | foo             | USER            | INSERT     | true          | 1426158997000  | foo      |
      | default   | bla    |            |         | foo             | USER            | SELECT     | true          | 1426158997000  | foo      |
      | default   | bla    |            |         | foo             | USER            | UPDATE     | true          | 1426158997000  | foo      |
      +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+--+
      

      now user olaf

      0: jdbc:hive2://localhost:10000/default> select * from bla;
      Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: Principal [name=olaf, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.bla]] (state=42000,code=40000)
      

      works as expected.

      BUT

      0: jdbc:hive2://localhost:10000/default> truncate table bla;
      No rows affected (0,18 seconds)
      

      And table is empty afterwards.

      Similarily: insert into table works, too.

      Attachments

        1. HIVE-9941.3.patch
          9 kB
          Sushanth Sowmyan
        2. HIVE-9941.2.patch
          4 kB
          Sushanth Sowmyan
        3. HIVE-9941.patch
          2 kB
          Sushanth Sowmyan

        Issue Links

          Activity

            People

              sushanth Sushanth Sowmyan
              oflebbe Olaf Flebbe
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: