[jira] [Work logged] (HIVE-27195) Drop table if Exists . fails during authorization for temporary tables

Tue, 09 May 2023 03:16:06 -0700 


     [ 
https://issues.apache.org/jira/browse/HIVE-27195?focusedWorklogId=861172&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-861172
 ]

ASF GitHub Bot logged work on HIVE-27195:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/May/23 10:15
            Start Date: 09/May/23 10:15
    Worklog Time Spent: 10m 
      Work Description: rtrivedi12 opened a new pull request, #4304:
URL: https://github.com/apache/hive/pull/4304

   …uthorization for temporary tables
   
   This change includes authorization of the database object during the "drop 
table" command. Similar to "Create table", DB permissions should be verified in 
the case of "drop table" too. Also, In case of a temporary table drop, empty 
input, and output HivePrivilegeObject are sent to the authorizer as temporary 
tables are skipped from authorization.
   
   ### What changes were proposed in this pull request?
   Authorize write actions on the database during drop table action, and add 
the database object to the list of output objects sent for verifying privileges.
   
   
   ### Why are the changes needed?
   To prevent unauthorized users from dropping temp tables from any database
   
   ### Does this PR introduce _any_ user-facing change?
   No
   
   
   ### How was this patch tested?
   Manually
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 861172)
    Remaining Estimate: 0h
            Time Spent: 10m

> Drop table if Exists <database>.<tablename> fails during authorization for 
> temporary tables
> -------------------------------------------------------------------------------------------
>
>                 Key: HIVE-27195
>                 URL: https://issues.apache.org/jira/browse/HIVE-27195
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Riju Trivedi
>            Assignee: Riju Trivedi
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> https://issues.apache.org/jira/browse/HIVE-20051 handles skipping 
> authorization for temporary tables. But still, the drop table if Exists fails 
> with  HiveAccessControlException.
> Steps to Repro:
> {code:java}
> use test; CREATE TEMPORARY TABLE temp_table (id int);
> drop table if exists test.temp_table;
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [rtrivedi] does not have [DROP] privilege on 
> [test/temp_table] (state=42000,code=40000) {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to