zhangda created HIVE-26449: ------------------------------ Summary: alter database set location 'xxx' command should not check for user's admin privilege on hdfs path Key: HIVE-26449 URL: https://issues.apache.org/jira/browse/HIVE-26449 Project: Hive Issue Type: Bug Components: Authorization Affects Versions: 3.1.2 Reporter: zhangda Attachments: Operation2Privilege.patch
alter database set location 'hdfs://xxxx' command fails with the following error: FAILED: HiveAccessControlException Permission denied: Principal [name=admin, type=USER] does not have following privileges for operation ALTERDATABASE_LOCATION [[ADMIN PRIVILEGE] on Object [type=DFS_URI, name=hdfs://xxxx]] It checks if the user has the admin privilege on the location path. However only OWNER_PRIV, INSERT_NOGRANT, DELETE_NOGRANT or SELECT_NOGRANT can be returned from getPrivilegesFromFS() function call. i.e. There's no mapping from admin privilege to the hdfs access privilege. So I suggest using INS_SEL_DEL_NOGRANT_AR instead of admin privilege checking. Patch is attached for review, thanks. -- This message was sent by Atlassian Jira (v8.20.10#820010)