HIVE-28736:Remove DFS_URI authorization for CREATE_TABLE event with n… #5689
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…o explicit LOCATION
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…o explicit LOCATION
What changes were proposed in this pull request?
This update ensures that DFS_URI authorization is triggered only when necessary during the CREATE TABLE command. Specifically:
For managed table creation, DFS_URI authorization is skipped if the location is under the default managed DB location.
For external table creation, DFS_URI authorization is skipped if the table location is under the default external DB location.
Why are the changes needed?
This prevents unnecessary DFS_URI authorization for tables created within default DB locations, and adding extra policies in Ranger for query execution from external clients like Spark.
Does this PR introduce any user-facing change?
Yes, After this change, users will no longer need the DFS_URI policy for tables that are created in the default managed DB location (for managed tables) or the default external DB location (for external tables).
Is the change a dependency upgrade?
No
How was this patch tested?
Changes were verified by running the CREATE table command from Spark sql.