[jira] [Work logged] (HIVE-25214) Add hive authorization support for Data connectors.

Fri, 09 Jul 2021 14:28:06 -0700 


     [ 
https://issues.apache.org/jira/browse/HIVE-25214?focusedWorklogId=621188&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-621188
 ]

ASF GitHub Bot logged work on HIVE-25214:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jul/21 21:27
            Start Date: 09/Jul/21 21:27
    Worklog Time Spent: 10m 
      Work Description: dantongdong commented on a change in pull request #2384:
URL: https://github.com/apache/hive/pull/2384#discussion_r667219378



##########
File path: 
standalone-metastore/metastore-server/src/main/sql/derby/upgrade-3.2.0-to-4.0.0.derby.sql
##########
@@ -148,15 +148,21 @@ ALTER TABLE COMPLETED_COMPACTIONS ADD 
CC_INITIATOR_VERSION varchar(128);
 ALTER TABLE COMPLETED_COMPACTIONS ADD CC_WORKER_VERSION varchar(128);
 
 -- HIVE-24396
-CREATE TABLE "APP"."DATACONNECTORS" ("DC_NAME" VARCHAR(128) NOT NULL, "TYPE" 
VARCHAR(128) NOT NULL, "COMMENT" VARCHAR(256), "OWNER_NAME" VARCHAR(256), 
"OWNER_TYPE" VARCHAR(10), "CREATE_TIME" INTEGER NOT NULL);
-CREATE TABLE "APP"."DATACONNECTOR_PARAMS" ("DC_NAME" VARCHAR(128) NOT NULL, 
"PARAM_KEY" VARCHAR(180) NOT NULL, "PARAM_VALUE" VARCHAR(4000), "COMMENT" 
VARCHAR(256));
+CREATE TABLE "APP"."DATACONNECTORS" ("NAME" VARCHAR(128) NOT NULL, "TYPE" 
VARCHAR(128) NOT NULL, "COMMENT" VARCHAR(256), "OWNER_NAME" VARCHAR(256), 
"OWNER_TYPE" VARCHAR(10), "CREATE_TIME" INTEGER NOT NULL);
+CREATE TABLE "APP"."DATACONNECTOR_PARAMS" ("NAME" VARCHAR(128) NOT NULL, 
"PARAM_KEY" VARCHAR(180) NOT NULL, "PARAM_VALUE" VARCHAR(4000), "COMMENT" 
VARCHAR(256));
 ALTER TABLE "APP"."DBS" ADD COLUMN "TYPE" VARCHAR(32) DEFAULT 'NATIVE' NOT 
NULL;
 ALTER TABLE "APP"."DBS" ADD COLUMN "DATACONNECTOR_NAME" VARCHAR(128);
 ALTER TABLE "APP"."DBS" ADD COLUMN "REMOTE_DBNAME" VARCHAR(128);
 UPDATE "APP"."DBS" SET TYPE='NATIVE' WHERE TYPE IS NULL;
-ALTER TABLE "APP"."DATACONNECTORS" ADD CONSTRAINT "DATACONNECTORS_KEY_PK" 
PRIMARY KEY ("DC_NAME");
-ALTER TABLE "APP"."DATACONNECTOR_PARAMS" ADD CONSTRAINT 
"DATACONNECTOR_PARAMS_KEY_PK" PRIMARY KEY ("DC_NAME", "PARAM_KEY");
-ALTER TABLE "APP"."DATACONNECTOR_PARAMS" ADD CONSTRAINT "DC_NAME_FK1" FOREIGN 
KEY ("DC_NAME") REFERENCES "APP"."DATACONNECTORS" ("DC_NAME") ON DELETE NO 
ACTION ON UPDATE NO ACTION;
+ALTER TABLE "APP"."DATACONNECTORS" ADD CONSTRAINT "DATACONNECTORS_KEY_PK" 
PRIMARY KEY ("NAME");
+ALTER TABLE "APP"."DATACONNECTOR_PARAMS" ADD CONSTRAINT 
"DATACONNECTOR_PARAMS_KEY_PK" PRIMARY KEY ("NAME", "PARAM_KEY");
+ALTER TABLE "APP"."DATACONNECTOR_PARAMS" ADD CONSTRAINT "NAME_FK1" FOREIGN KEY 
("NAME") REFERENCES "APP"."DATACONNECTORS" ("NAME") ON DELETE NO ACTION ON 
UPDATE NO ACTION;
+
+CREATE TABLE "APP"."DC_PRIVS" ("DC_GRANT_ID" BIGINT NOT NULL, "CREATE_TIME" 
INTEGER NOT NULL, "DC_NAME" VARCHAR(128), "GRANT_OPTION" SMALLINT NOT NULL, 
"GRANTOR" VARCHAR(128), "GRANTOR_TYPE" VARCHAR(128), "PRINCIPAL_NAME" 
VARCHAR(128), "PRINCIPAL_TYPE" VARCHAR(128), "DC_PRIV" VARCHAR(128), 
"AUTHORIZER" VARCHAR(128));

Review comment:
       Good catch. We will use NAME for both DATACONNECTOR, 
DATACONNECTOR_PARAMS, and DC_PRIVS. Will change.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 621188)
    Time Spent: 40m  (was: 0.5h)

> Add hive authorization support for Data connectors.
> ---------------------------------------------------
>
>                 Key: HIVE-25214
>                 URL: https://issues.apache.org/jira/browse/HIVE-25214
>             Project: Hive
>          Issue Type: Sub-task
>            Reporter: Naveen Gangam
>            Assignee: Dantong Dong
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> We need to add authorization support for data connectors in hive. The default 
> behavior should be
> 1) Connectors can be create/dropped by users in admin role.
> 2) Connectors have READ and WRITE permissions.
> *   READ permissions are required to fetch a connector object or fetch all 
> connector names. So to create a REMOTE database using a connector, users will 
> need READ permission on the connector. DDL queries like "show connectors" and 
> "describe <connector>" will check for read access on the connector as well.
> *   WRITE permissions are required to alter/drop a connector. DDL queries 
> like "alter connector" and "drop connector" will need WRITE access on the 
> connector.
> Adding this support, Ranger can integrate with this.
>    



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to