zhangda created HIVE-26449:
------------------------------
Summary: alter database set location 'xxx' command should not
check for user's admin privilege on hdfs path
Key: HIVE-26449
URL: https://issues.apache.org/jira/browse/HIVE-26449
Project: Hive
Issue Type: Bug
Components: Authorization
Affects Versions: 3.1.2
Reporter: zhangda
Attachments: Operation2Privilege.patch
alter database set location 'hdfs://xxxx' command fails with the following
error:
FAILED: HiveAccessControlException Permission denied: Principal [name=admin,
type=USER] does not have following privileges for operation
ALTERDATABASE_LOCATION [[ADMIN PRIVILEGE] on Object [type=DFS_URI,
name=hdfs://xxxx]]
It checks if the user has the admin privilege on the location path. However
only OWNER_PRIV, INSERT_NOGRANT, DELETE_NOGRANT or SELECT_NOGRANT can be
returned from getPrivilegesFromFS() function call. i.e. There's no mapping
from admin privilege to the hdfs access privilege. So I suggest using
INS_SEL_DEL_NOGRANT_AR instead of admin privilege checking. Patch is attached
for review, thanks.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
