[jira] [Work logged] (HIVE-27304) Exclude CTAS condition while forming storage handler url permissions in HS2 authorizer.

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-27304?focusedWorklogId=861152&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-861152
 ]

ASF GitHub Bot logged work on HIVE-27304:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/May/23 08:59
            Start Date: 09/May/23 08:59
    Worklog Time Spent: 10m 
      Work Description: dengzhhu653 commented on code in PR #4276:
URL: https://github.com/apache/hive/pull/4276#discussion_r1188343283


##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java:
##########
@@ -201,8 +201,7 @@ private static void addHivePrivObject(Entity privObject, 
Map<String, List<String
           HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS)) {
         //TODO: add hive privilege object for storage based handlers for 
create and alter table commands.
         if (hiveOpType == HiveOperationType.CREATETABLE ||
-                hiveOpType == HiveOperationType.ALTERTABLE_PROPERTIES ||
-                hiveOpType == HiveOperationType.CREATETABLE_AS_SELECT) {

Review Comment:
   > So, we are not really reading anything from storage URL
   
   As far as I know, CTAS will read the source data from remote behind the 
scene.
   Just think aloud, how about inserting into a jdbc table, for example
   ```
   CREATE EXTERNAL TABLE default.jdbctable (DB_ID bigint)  STORED BY 
'org.apache.hive.storage.jdbc.JdbcStorageHandler'  TBLPROPERTIES (    
'hive.sql.database.type' = 'MYSQL',    'hive.sql.jdbc.driver'   = 
'com.mysql.jdbc.Driver',    'hive.sql.jdbc.url'      = 
'jdbc:mysql://somehostname3306/hive1',    'hive.sql.dbcp.username' = 'hive1',   
 'hive.sql.dbcp.password' = 'hive1',    'hive.sql.query' = 'SELECT DB_ID FROM 
DBS' ) as select * from default.hivetablefromjdbc





Issue Time Tracking
-------------------

    Worklog Id:     (was: 861152)
    Time Spent: 50m  (was: 40m)

> Exclude CTAS condition while forming storage handler url permissions in HS2 
> authorizer.
> ---------------------------------------------------------------------------------------
>
>                 Key: HIVE-27304
>                 URL: https://issues.apache.org/jira/browse/HIVE-27304
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Sai Hemanth Gantasala
>            Assignee: Sai Hemanth Gantasala
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> CTAS queries with storage handler table as source table doesn't require read 
> permissions on storage URL for the target table



--
This message was sent by Atlassian Jira
(v8.20.10#820010)