[
https://issues.apache.org/jira/browse/HIVE-15120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16260574#comment-16260574
]
Gaurav Shah commented on HIVE-15120:
------------------------------------
[~daijy] trying to create external table from S3 with readonly permissions. It
throws up 403. Is there a way to disable write access check for external table
create ?
> Storage based auth: allow option to enforce write checks for external tables
> ----------------------------------------------------------------------------
>
> Key: HIVE-15120
> URL: https://issues.apache.org/jira/browse/HIVE-15120
> Project: Hive
> Issue Type: Bug
> Components: Authorization
> Reporter: Thejas M Nair
> Assignee: Daniel Dai
> Labels: TODOC1.3, TODOC2.2
> Fix For: 1.3.0, 2.2.0
>
> Attachments: HIVE-15120.1.patch, HIVE-15120.2.patch,
> HIVE-15120.3.patch, HIVE-15120.4.patch
>
>
> Under storage based authorization, we don't require write permissions on
> table directory for external table create/drop.
> This is because external table contents are populated often from outside of
> hive and are not written into from hive. So write access is not needed. Also,
> we can't require write permissions to drop a table if we don't require them
> for creation (users who created them should be able to drop them).
> However, this difference in behavior of external tables is not well
> documented. So users get surprised to learn that drop table can be done by
> just any user who has read access to the directory. At that point changing
> the large number of scripts that use external tables is hard.
> It would be good to have a user config option to have external tables to be
> treated same as managed tables.
> The option should be off by default, so that the behavior is backward
> compatible by default.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
