[
https://issues.apache.org/jira/browse/HIVE-11901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14968373#comment-14968373
]
Thejas M Nair commented on HIVE-11901:
--------------------------------------
[~chengbing.liu] Thanks for adding the tests for the case where
StorageBasedAuthorization is used in the client side.
Can you also please add a test case for StorageBasedAuthorization when used in
metastore server, as that is the recommended mode for StorageBasedAuthorization
?
A quick way would be to add this to
TestStorageBasedMetastoreAuthorizationReads.java -
{code}
@Test
public void testReadTableSuccessWithReadOnly() throws Exception {
readTableByOtherUser("-r--r--r--", true);
}
{code}
> StorageBasedAuthorizationProvider requires write permission on table for
> SELECT statements
> ------------------------------------------------------------------------------------------
>
> Key: HIVE-11901
> URL: https://issues.apache.org/jira/browse/HIVE-11901
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Affects Versions: 1.2.1
> Reporter: Chengbing Liu
> Assignee: Chengbing Liu
> Attachments: HIVE-11901.01.patch, HIVE-11901.02.patch
>
>
> With HIVE-7895, it will require write permission on the table directory even
> for a SELECT statement.
> Looking at the stacktrace, it seems the method
> {{StorageBasedAuthorizationProvider#authorize(Table table, Partition part,
> Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)}} always treats
> a null partition as a CREATE statement, which can also be a SELECT.
> We may have to check {{readRequiredPriv}} and {{writeRequiredPriv}} first
> in order to tell which statement it is.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
