[
https://issues.apache.org/jira/browse/HIVE-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061317#comment-15061317
]
Thejas M Nair commented on HIVE-11179:
--------------------------------------
Created HIVE-12698 to track the changes to reduce exposure to hive internal
classes to general authorization implementations.
The changes should also help in reducing chances of breakage of other
authorization implementation changes with newer changes.
> HIVE should allow custom converting from HivePrivilegeObjectDesc to
> privilegeObject for different authorizers
> -------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-11179
> URL: https://issues.apache.org/jira/browse/HIVE-11179
> Project: Hive
> Issue Type: Improvement
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Labels: Authorization
> Fix For: 1.3.0, 2.0.0
>
> Attachments: HIVE-11179.001.patch, HIVE-11179.001.patch
>
>
> HIVE should allow custom converting from HivePrivilegeObjectDesc to
> privilegeObject for different authorizers:
> There is a case in Apache Sentry: Sentry support uri and server level
> privilege, but in hive side, it uses
> {{AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc)}} to do the
> converting, and the code in {{getHivePrivilegeObject()}} only handle the
> scenes for table and database
> {noformat}
> privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW :
> HivePrivilegeObjectType.DATABASE;
> {noformat}
> A solution is move this method to {{HiveAuthorizer}}, so that a custom
> Authorizer could enhance it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
