From 87278a4f1f772beedb335ab16a5f60a34920dcdb Mon Sep 17 00:00:00 2001
From: thiruvel
Date: Thu, 19 Dec 2013 17:11:10 -0800
Subject: [PATCH] [Bug:6602466] Do not create table if user does not have write on Database directory.

---
 .../StorageBasedAuthorizationProvider.java | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
index 14dcab1..59fcea9 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
@@ -101,21 +101,15 @@ public class StorageBasedAuthorizationProvider extends HiveAuthorizationProvider
 public void authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)
 throws HiveException, AuthorizationException {
 
- // Table path can be null in the case of a new create table - in this case,
- // we try to determine what the path would be after the create table is issued.
- Path path = null;
- try {
- String location = table.getTTable().getSd().getLocation();
- if (location == null || location.isEmpty()) {
- path = wh.getTablePath(hive_db.getDatabase(table.getDbName()), table.getTableName());
- } else {
- path = new Path(location);
- }
- } catch (MetaException ex) {
- throw hiveException(ex);
+ // To create/drop/alter a table, the owner should have WRITE permission on the database directory
+ authorize(hive_db.getDatabase(table.getDbName()), readRequiredPriv, writeRequiredPriv);
+
+ // If the user has specified a location - external or not, check if the user has the
+ // appropriate privileges permission.
+ String location = table.getTTable().getSd().getLocation();
+ if (location != null && !location.isEmpty()) {
+ authorize(new Path(location), readRequiredPriv, writeRequiredPriv);
 }
-
- authorize(path, readRequiredPriv, writeRequiredPriv);
 }
 
 @Override
-- 
1.8.5-rc3
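Review bot: The database-directory check added at the top of `authorize(Table, …)` runs with whatever `readRequiredPriv`/`writeRequiredPriv` the caller passes, so it is not limited to create/drop/alter as its comment says. If this overload is also reached for writes to an existing table (the callers are outside the hunk), those users would now need write access on the whole database directory, which pushes operators toward broader filesystem grants than the table itself requires. Consider gating the database check on the privileges that actually create or remove the table directory, and keeping the per-location check for everything else. At minimum the first comment should describe what the code does, e.g. `// Every table-level check also requires the requested privileges on the database directory`, and in the second comment "appropriate privileges permission" should read `appropriate permissions on that location`.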