IMPALA-10122

Allow view authorization to be deferred until selection time


Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • Impala 4.2.0
    • Frontend
    • None

    Description

      Recall that currently Impala performs authorization with Ranger to check whether the requesting user is granted the privilege of SELECT for the underlying tables when a view is created and thus does not check whether the requesting user is granted the SELECT privilege on the underlying tables when the view is selected.

      On the other hand, currently a Spark user is not allowed to directly create a view in HMS without involving the Impala frontend, because Spark clients are normal users (vs. superusers). To relax this restriction, it would be good to allow a Spark user to directly create a view in HMS without involving the Impala frontend. However, it can be seen that the authorization check is skipped for views created in this manner since HMS currently does not possess the capability to perform the authorization. Due to this relaxation, for a view created this way, the authorization of the view needs to be carried out at selection time to make sure the requesting user is indeed granted the SELECT privileges on the underlying tables defined in the view.

      There is also a corresponding Hive JIRA at HIVE-24026. Refer to it for further details.
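
The following is an added example, not code from Impala or from the reporter: a small model of the select-time decision described above, contrasting a view whose creator was checked at creation time with one created directly in HMS. The `checked_at_creation` marker, the object names, the grants and the recursion through nested deferred views are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class View:
    base_objects: tuple          # tables/views named in the view definition
    checked_at_creation: bool    # hypothetical marker: False if created directly in HMS

# Constructed sample metadata and Ranger-style SELECT grants.
VIEWS = {
    "db.v_impala": View(("db.orders", "db.customers"), True),
    "db.v_spark": View(("db.orders", "db.customers"), False),
    "db.v_spark_outer": View(("db.v_spark",), False),
}
SELECT_GRANTS = {
    "alice": {"db.v_impala", "db.v_spark", "db.v_spark_outer",
              "db.orders", "db.customers"},
    "bob": {"db.v_impala", "db.v_spark", "db.v_spark_outer", "db.orders"},
}

def required_select(obj, defer=True):
    """Objects on which the requester needs SELECT in order to read obj."""
    needed = {obj}
    view = VIEWS.get(obj)
    # Base table, or a view whose creator was already checked at creation time.
    # defer=False models selection with no deferred check at all.
    if view is None or view.checked_at_creation or not defer:
        return needed
    # Deferred case: expand the definition and check the requester instead.
    for base in view.base_objects:
        needed |= required_select(base, defer)
    return needed

def authorize_select(user, obj, defer=True):
    """Return (allowed, missing_privileges) for SELECT on obj."""
    missing = required_select(obj, defer) - SELECT_GRANTS.get(user, set())
    return (not missing, missing)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for obj in VIEWS:
            print(user, obj, authorize_select(user, obj))
```

With `defer=False`, `bob` can read `db.v_spark` even though nobody was ever checked for SELECT on `db.customers`, which is the gap the deferred check closes.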


          People

            fangyurao Fang-Yu Rao