hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Panagiotis Garefalakis (Jira)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-23352) More user friendly StorageAuthorizationProvider log messages
Date Sun, 03 May 2020 12:22:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-23352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098411#comment-17098411
] 

Panagiotis Garefalakis commented on HIVE-23352:
-----------------------------------------------

Hey [~thejas] – the behaviour is indeed correct (i.e., if we would really want to disable
authorization for external tables we could have set _hive.metastore.authorization.storage.check.externaltable.drop_
 to *false*)

However, I find the messages a bit confusing.
As a first step, we could make messages distinguish permissions over dirs/paths versus tables
– as in when dropping an external table we are not really deleting a path (see LOG message
above), only the metadata, so the user should know that its a table permission issue and not
a dir permission issue.

> More user friendly StorageAuthorizationProvider log messages
> ------------------------------------------------------------
>
>                 Key: HIVE-23352
>                 URL: https://issues.apache.org/jira/browse/HIVE-23352
>             Project: Hive
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 4.0.0
>            Reporter: Panagiotis Garefalakis
>            Priority: Minor
>
> Currently *StorageBasedAuthorizationProvider* returns messages (like below) about data
paths even for _External_ tables where a drop command would just remove metadata. Lets make
those messages more user-friendly.
> {code:java}
> Permission Denied: User hive can't delete hdfs://XXX.com:8020/tmp/testuser because sticky
bit is set on the parent dir and user does not own this file or its parent)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message