[
https://issues.apache.org/jira/browse/HIVE-25174?focusedWorklogId=610291&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-610291
]
ASF GitHub Bot logged work on HIVE-25174:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 14/Jun/21 07:36
Start Date: 14/Jun/21 07:36
Worklog Time Spent: 10m
Work Description: symious commented on pull request #2327:
URL: https://github.com/apache/hive/pull/2327#issuecomment-859242942
@daijyc Could you have a look at this PR?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 610291)
Time Spent: 20m (was: 10m)
> HiveMetastoreAuthorizer didn't check URI permission for AlterTableEvent
> -----------------------------------------------------------------------
>
> Key: HIVE-25174
> URL: https://issues.apache.org/jira/browse/HIVE-25174
> Project: Hive
> Issue Type: Improvement
> Reporter: Janus Chow
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When Using Ranger on Hive MetaStore, we met an issue that users without
> permission to table's HDFS path succeeded in running "msck repair table
> TABLENAME".
> This command is not authorized when we use `StorageBasedAuthorizer`, after
> checking the code, we found `StorageBasedAuthorizer` would check the
> permission of table's HDFS path, while `HiveMetastoreAuthorizer` used by
> Ranger won't when dealing with the event of `AlterTableEvent`.
> This ticket is to add the URI permission check on AlterTableEvent for
> `HiveMetastoreAuthorizer`.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
