[jira] [Commented] (HIVE-20818) Views created with a WHERE subquery will regard views referenced in the subquery as direct input

Mon, 19 Nov 2018 06:49:51 -0800 


    [ 
https://issues.apache.org/jira/browse/HIVE-20818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16691791#comment-16691791
 ] 

Hive QA commented on HIVE-20818:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12948716/HIVE-20818.6.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:green}SUCCESS:{color} +1 due to 15546 tests passed

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/14986/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14986/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14986/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12948716 - PreCommit-HIVE-Build

> Views created with a WHERE subquery will regard views referenced in the 
> subquery as direct input
> ------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-20818
>                 URL: https://issues.apache.org/jira/browse/HIVE-20818
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Karen Coppage
>            Assignee: Karen Coppage
>            Priority: Major
>         Attachments: HIVE-20818.2.patch, HIVE-20818.3.patch, 
> HIVE-20818.4.patch, HIVE-20818.5.patch, HIVE-20818.6.patch, HIVE-20818.patch
>
>
> If Hive is configured with an authorization hook like Sentry, and a view is 
> created with a WHERE clause referencing a different view' user has no access 
> to, user cannot access the view as view' is considered direct input.
> For example:
> {code:java}
> create database db1;
> create database db2;
> create database db3;
>  
> create table db1.table1 (cola string, colb string, colc string);
> insert into db1.table1 values ('a','b','c');
> insert into db1.table1 values ('x','y','z');
> CREATE VIEW db2.view1 AS SELECT cola, colb, colc FROM db1.table1 WHERE 
> cola="x"; 
> CREATE VIEW db2.view2 AS SELECT table1.cola, table1.colb, table1.colc FROM 
> db1.table1 WHERE table1.cola NOT IN (SELECT view1.cola FROM db2.view1); 
> create view db3.view3 as select * from db2.view2
> {code}
>  If test_user has read permission for only db3 (but not db1 or db2), their 
> query
> {code:java}
> select * from db3.view3;{code}
> will fail with :
> {code:java}
> Error while compiling statement: FAILED: SemanticException No valid 
> privileges User test_user does not have privileges for QUERY The required 
> privileges: Server=server1->Db=db2->Table=view1->action=select; {code}
> WHERE IN and WHERE EXISTS cause the same issue.
> Cascading views created with no WHERE clauses (i.e. with simple SELECTs and 
> FROM clauses) work fine.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to