Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers:
There is a case in Apache Sentry: Sentry support uri and server level privilege, but in hive side, it uses AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc) to do the converting, and the code in getHivePrivilegeObject() only handle the scenes for table and database
privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW : HivePrivilegeObjectType.DATABASE;
A solution is move this method to HiveAuthorizer, so that a custom Authorizer could enhance it.
Attachments
Attachments
Issue Links
- is related to
-
HIVE-12698 Remove exposure to internal privilege and principal classes in HiveAuthorizer
- Closed