Details
-
Task
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
2.1.1
-
None
Description
Right now, for authorization 2, the HiveAuthorizationValidator.checkPrivileges(HiveOperationType var1, List<HivePrivilegeObject> var2, List<HivePrivilegeObject> var3, HiveAuthzContext var4) does not contain the parsed sql command string as input. Therefore, Sentry has to parse the command again.
The API should be changed to include all required information as input, so Sentry does not need to parse the sql command string again.
known situations:
1) when dropping a database which does not exist, hive should not call sentry or it calls sentry with database name as input
2) when creating function, hive should provide UDF class name as input.
3) When dropping function, hive should provide UDF class name as input.
4) When dropping a table which does not exist, hive should not call sentry or it calls sentry with database name and table name as input.
5) In any situation that the command should succeeds and hive does not provide required info to sentry, hive should not call sentry at all because sentry will throw exception when required info is not available from input.
Attachments
Attachments
Issue Links
- blocks
-
SENTRY-1971 Hive integration for auth-2 should handle creating function properly
- Open
- links to