[jira] [Comment Edited] (HIVE-13991) Union All on view fail with no valid permission on underneath table

Thu, 23 Jun 2016 08:10:48 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-13991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346513#comment-15346513
 ] 

Yongzhi Chen edited comment on HIVE-13991 at 6/23/16 3:09 PM:
--------------------------------------------------------------

[~aihuaxu], how about the review? Thanks
>From following analyzeInternal code, there are many step in the analyze:
First step is generate resolved parse tree, second step is Generate Op tree...
{noformat}
void analyzeInternal(ASTNode ast, PlannerContext plannerCtx) throws 
SemanticException {
    // 1. Generate Resolved Parse tree from syntax tree
    LOG.info("Starting Semantic Analysis");
    if (!genResolvedParseTree(ast, plannerCtx)) {
      return;
    }

    // 2. Gen OP Tree from resolved Parse Tree
    Operator sinkOp = genOPTree(ast, plannerCtx);

    // 3. Deduce Resultset Schema
    if (createVwDesc != null) {
      resultSchema = 
convertRowSchemaToViewSchema(opParseCtx.get(sinkOp).getRowResolver());
    } else {
{noformat}
Only ReadEntities generated during genResolvedParseTree are directly related to 
the query and should be used by sentry to check permissions. And ,in this step, 
the ReadEntity without parents should be treated as ReadEntity with direct 
reference to table and should be merged with ReadEntity with same name. 
ReadEntity generated in other steps is for intermediate node and partially 
calculated without view's information, so these ReadEntity should not be merged 
if isDirect is true if without parents. mergeIsDirect is used to tell first 
step from other steps.


was (Author: ychena):
[~aihuaxu], how about the review? Thanks

> Union All on view fail with no valid permission on underneath table
> -------------------------------------------------------------------
>
>                 Key: HIVE-13991
>                 URL: https://issues.apache.org/jira/browse/HIVE-13991
>             Project: Hive
>          Issue Type: Bug
>          Components: Query Planning
>            Reporter: Yongzhi Chen
>            Assignee: Yongzhi Chen
>         Attachments: HIVE-13991.1.patch, HIVE-13991.2.patch
>
>
> When sentry is enabled. 
> create view V as select * from T;
> When the user has read permission on view V, but does not have read 
> permission on table T,
> select * from V union all select * from V 
> failed with:
> {noformat}
> 0: jdbc:hive2://********> select * from s07view union all select * from 
> s07view limit 1;
> Error: Error while compiling statement: FAILED: SemanticException No valid 
> privileges
>  Required privileges for this query: 
> Server=server1->Db=default->Table=sample_07->action=select; 
> (state=42000,code=40000)
> {noformat} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to