zhangda created HIVE-26449:
------------------------------

             Summary: alter database set location 'xxx' command should not 
check for user's admin privilege on hdfs path
                 Key: HIVE-26449
                 URL: https://issues.apache.org/jira/browse/HIVE-26449
             Project: Hive
          Issue Type: Bug
          Components: Authorization
    Affects Versions: 3.1.2
            Reporter: zhangda
         Attachments: Operation2Privilege.patch

alter database set location 'hdfs://xxxx' command fails with the following 
error:

FAILED: HiveAccessControlException Permission denied: Principal [name=admin, 
type=USER] does not have following privileges for operation 
ALTERDATABASE_LOCATION [[ADMIN PRIVILEGE] on Object [type=DFS_URI, 
name=hdfs://xxxx]]

It checks if the user has the admin privilege on the location path.  However 
only OWNER_PRIV, INSERT_NOGRANT, DELETE_NOGRANT or SELECT_NOGRANT can be 
returned  from getPrivilegesFromFS() function call. i.e. There's no mapping 
from admin privilege to the hdfs access privilege. So I suggest using 
INS_SEL_DEL_NOGRANT_AR instead of admin privilege checking. Patch is attached 
for review, thanks.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to