[
https://issues.apache.org/jira/browse/HIVE-5954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910829#comment-13910829
]
Ashutosh Chauhan commented on HIVE-5954:
----------------------------------------
I think in most (all ?) cases full role hierarchy is required, so it may be
better to add another parameter to list_roles() thrift api to get immediate vs
all roles. That would also get rid of multiple calls that client currently
makes to server. Can you create follow-up jira to track this for future work?
Other than that looks good, +1
> SQL std auth - get_privilege_set should check role hierarchy
> ------------------------------------------------------------
>
> Key: HIVE-5954
> URL: https://issues.apache.org/jira/browse/HIVE-5954
> Project: Hive
> Issue Type: Sub-task
> Components: Authorization
> Reporter: Thejas M Nair
> Attachments: HIVE-5954.1.patch, HIVE-5954.2.patch
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> A role can belong to another role. But get_privilege_set in hive metastore
> api checks only the privileges of the immediate roles a user belongs to.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
