Drop any table even without privilege
-------------------------------------
Key: HIVE-2817
URL: https://issues.apache.org/jira/browse/HIVE-2817
Project: Hive
Issue Type: Bug
Affects Versions: 0.7.1
Reporter: Benyi Wang
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
{code}
hive> set hive.security.authorization.enabled=true;
hive> revoke all on default from user test_user;
hive> drop table abc;
hive> drop table abc;
Authorization failed:No privilege 'Drop' found for outputs { database:default,
table:abc}. Use show grant to get more details.
hive> drop table default.abc;
OK
Time taken: 0.13 seconds
{code}
The table and the file in {{/usr/hive/warehouse}} or external file will be
deleted. If you don't have hadoop access permission on {{/usr/hive/warehouse}}
or external files, you will see a hadoop access error
{code}
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode="/user/myetl":myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
