diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java index b74e5fa..44cecd2 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java @@ -34,9 +34,6 @@ import java.util.Set; import java.util.concurrent.locks.ReentrantLock; -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.apache.hadoop.fs.FSDataInputStream; import org.apache.hadoop.hive.common.ValidTxnList; import org.apache.hadoop.hive.conf.HiveConf; @@ -120,6 +117,10 @@ import org.apache.hadoop.mapred.JobClient; import org.apache.hadoop.mapred.JobConf; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + public class Driver implements CommandProcessor { static final private String CLASS_NAME = Driver.class.getName(); @@ -792,7 +793,10 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, HashSet for(Entity privObject : privObjects){ HivePrivilegeObjectType privObjType = AuthorizationUtils.getHivePrivilegeObjectType(privObject.getType()); - + if(privObject.isDummy()) { + //do not authorize dummy readEntity or writeEntity + continue; + } if(privObject instanceof ReadEntity && !((ReadEntity)privObject).isDirect()){ // In case of views, the underlying views or tables are not direct dependencies // and are not used for authorization checks. diff --git a/ql/src/test/queries/clientpositive/authorization_1.q b/ql/src/test/queries/clientpositive/authorization_1.q index d5fd2ec..5336dcf 100644 --- a/ql/src/test/queries/clientpositive/authorization_1.q +++ b/ql/src/test/queries/clientpositive/authorization_1.q @@ -4,6 +4,9 @@ create table src_autho_test as select * from src; set hive.security.authorization.enabled=true; +--select dummy table +select 1; + --table grant to user grant select on table src_autho_test to user hive_test_user; diff --git a/ql/src/test/results/clientpositive/authorization_1.q.out b/ql/src/test/results/clientpositive/authorization_1.q.out index f9f1b34..e320a82 100644 --- a/ql/src/test/results/clientpositive/authorization_1.q.out +++ b/ql/src/test/results/clientpositive/authorization_1.q.out @@ -12,6 +12,17 @@ POSTHOOK: type: CREATETABLE_AS_SELECT POSTHOOK: Input: default@src POSTHOOK: Output: database:default POSTHOOK: Output: default@src_autho_test +PREHOOK: query: --select dummy table +select 1 +PREHOOK: type: QUERY +PREHOOK: Input: _dummy_database@_dummy_table +#### A masked pattern was here #### +POSTHOOK: query: --select dummy table +select 1 +POSTHOOK: type: QUERY +POSTHOOK: Input: _dummy_database@_dummy_table +#### A masked pattern was here #### +1 PREHOOK: query: --table grant to user grant select on table src_autho_test to user hive_test_user