diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java index b74e5fa..e8ee6ce 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java @@ -792,7 +792,10 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, HashSet for(Entity privObject : privObjects){ HivePrivilegeObjectType privObjType = AuthorizationUtils.getHivePrivilegeObjectType(privObject.getType()); - + if(privObject.isDummy()) { + //do not authorize dummy readEntity or writeEntity + continue; + } if(privObject instanceof ReadEntity && !((ReadEntity)privObject).isDirect()){ // In case of views, the underlying views or tables are not direct dependencies // and are not used for authorization checks. diff --git a/ql/src/test/queries/clientpositive/authorization_1_sql_std.q b/ql/src/test/queries/clientpositive/authorization_1_sql_std.q index 82896a4..b7b6710 100644 --- a/ql/src/test/queries/clientpositive/authorization_1_sql_std.q +++ b/ql/src/test/queries/clientpositive/authorization_1_sql_std.q @@ -6,6 +6,10 @@ set user.name=hive_admin_user; create table src_autho_test (key STRING, value STRING) ; set hive.security.authorization.enabled=true; + +--select dummy table +select 1; + set role ADMIN; --table grant to user diff --git a/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out b/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out index 44c2fbd..2315fd4 100644 --- a/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out +++ b/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out @@ -6,6 +6,17 @@ POSTHOOK: query: create table src_autho_test (key STRING, value STRING) POSTHOOK: type: CREATETABLE POSTHOOK: Output: database:default POSTHOOK: Output: default@src_autho_test +PREHOOK: query: --select dummy table +select 1 +PREHOOK: type: QUERY +PREHOOK: Input: _dummy_database@_dummy_table +#### A masked pattern was here #### +POSTHOOK: query: --select dummy table +select 1 +POSTHOOK: type: QUERY +POSTHOOK: Input: _dummy_database@_dummy_table +#### A masked pattern was here #### +1 PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role ADMIN