Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-7895

Storage based authorization should consider sticky bit for drop actions

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.14.0
    • Authorization
    • None

    Description

      Storage based authorization provides access control for metadata by giving users permissions on metadata that are equivalent to the permission that user has on corresponding data.
      However, when checking the permissions to drop a metadata object such as database, table or partition, it does not check if the sticky bit is set on the parent dir of objects corresponding dir in hdfs.

      Attachments

        1. HIVE-7895.1.patch
          20 kB
          Thejas Nair
        2. HIVE-7895.2.patch
          23 kB
          Thejas Nair

        Issue Links

          is part of

          Bug - A problem which impairs or prevents the functions of the product. HIVE-6225 hive.metastore.authorization.storage.checks doesn't respect sticky bit

          • Major - Major loss of function.
          • Resolved
          supercedes

          Bug - A problem which impairs or prevents the functions of the product. HIVE-7872 StorageBasedAuthorizationProvider should check access perms of parent directory for DROP actions

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link review board

          Activity

            People

              thejas Thejas Nair
              thejas Thejas Nair
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: