[
https://issues.apache.org/jira/browse/HIVE-17544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190296#comment-16190296
]
Sergio Peña commented on HIVE-17544:
------------------------------------
The patch looks good.
+1
> Provide classname info for function authorization
> -------------------------------------------------
>
> Key: HIVE-17544
> URL: https://issues.apache.org/jira/browse/HIVE-17544
> Project: Hive
> Issue Type: Task
> Components: Authorization
> Affects Versions: 2.1.1
> Reporter: Na Li
> Assignee: Aihua Xu
> Priority: Critical
> Attachments: HIVE-17544.1.patch, HIVE-17544.2.patch,
> HIVE-17544.3.patch
>
>
> Right now, for authorization 2, the
> HiveAuthorizationValidator.checkPrivileges(HiveOperationType var1,
> List<HivePrivilegeObject> var2, List<HivePrivilegeObject> var3,
> HiveAuthzContext var4) does not contain the parsed sql command string as
> input. Therefore, Sentry has to parse the command again.
> The API should be changed to include all required information as input, so
> Sentry does not need to parse the sql command string again.
> known situations:
> 1) when dropping a database which does not exist, hive should not call sentry
> or it calls sentry with database name as input
> 2) when creating function, hive should provide UDF class name as input.
> 3) When dropping function, hive should provide UDF class name as input.
> 4) When dropping a table which does not exist, hive should not call sentry or
> it calls sentry with database name and table name as input.
> 5) In any situation that the command should succeeds and hive does not
> provide required info to sentry, hive should not call sentry at all because
> sentry will throw exception when required info is not available from input.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
