diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index 37d856c..1b598d5 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -73,6 +73,7 @@ import org.apache.hadoop.hive.ql.plan.HiveOperation; import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider; +import org.apache.hadoop.hive.ql.security.authorization.plugin.AuthorizationMetaStoreFilterHook; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext; @@ -756,8 +757,15 @@ private void setAuthorizerV2Config() throws HiveException { if (conf.get(CONFIG_AUTHZ_SETTINGS_APPLIED_MARKER, "").equals(Boolean.TRUE.toString())) { return; } + String metastoreHook = conf.get(ConfVars.METASTORE_FILTER_HOOK.name()); + if (!ConfVars.METASTORE_FILTER_HOOK.getDefaultValue().equals(metastoreHook) && + !AuthorizationMetaStoreFilterHook.class.getName().equals(metastoreHook)) { + LOG.warn(ConfVars.METASTORE_FILTER_HOOK.name() + + " will be ignored, since hive.security.authorization.manager" + + " is set to instance of HiveAuthorizerFactory."); + } conf.setVar(ConfVars.METASTORE_FILTER_HOOK, - "org.apache.hadoop.hive.ql.security.authorization.plugin.AuthorizationMetaStoreFilterHook"); + AuthorizationMetaStoreFilterHook.class.getName()); authorizerV2.applyAuthorizationConfigPolicy(conf); // update config in Hive thread local as well and init the metastore client