diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java index 9bff08f..befce8e 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java @@ -36,6 +36,7 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.locks.ReentrantLock; +import com.google.common.collect.Sets; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.mapreduce.MRJobConfig; import org.slf4j.Logger; @@ -596,12 +597,27 @@ private String getExplainOutput(BaseSemanticAnalyzer sem, QueryPlan plan, */ public static void doAuthorization(BaseSemanticAnalyzer sem, String command) throws HiveException, AuthorizationException { - HashSet inputs = sem.getInputs(); - HashSet outputs = sem.getOutputs(); SessionState ss = SessionState.get(); HiveOperation op = ss.getHiveOperation(); Hive db = sem.getDb(); + Set additionalInputs = new HashSet(); + for (Entity e : sem.getInputs()) { + if (e.getType() == Entity.Type.PARTITION) { + additionalInputs.add(new ReadEntity(e.getTable())); + } + } + + Set additionalOutputs = new HashSet(); + for (Entity e : sem.getOutputs()) { + if (e.getType() == Entity.Type.PARTITION) { + additionalOutputs.add(new WriteEntity(e.getTable(), WriteEntity.WriteType.DDL_NO_LOCK)); + } + } + + Set inputs = Sets.union(sem.getInputs(), additionalInputs); + Set outputs = Sets.union(sem.getOutputs(), additionalOutputs); + if (ss.isAuthorizationModeV2()) { // get mapping of tables to columns used ColumnAccessInfo colAccessInfo = sem.getColumnAccessInfo(); @@ -798,8 +814,8 @@ private static void getTablePartitionUsedColumns(HiveOperation op, BaseSemanticA } } - private static void doAuthorizationV2(SessionState ss, HiveOperation op, HashSet inputs, - HashSet outputs, String command, Map> tab2cols, + private static void doAuthorizationV2(SessionState ss, HiveOperation op, Set inputs, + Set outputs, String command, Map> tab2cols, Map> updateTab2Cols) throws HiveException { /* comment for reviewers -> updateTab2Cols needed to be separate from tab2cols because if I @@ -819,7 +835,7 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, HashSet } private static List getHivePrivObjects( - HashSet privObjects, Map> tableName2Cols) { + Set privObjects, Map> tableName2Cols) { List hivePrivobjs = new ArrayList(); if(privObjects == null){ return hivePrivobjs;