ACCESS-82 Support privilege validations for describe statement

Review Request #2896 - Created April 18, 2013 and updated

Prasad Mujumdar
old-access
master
ACCESS-82
access
Privilege validation for describe -
- Add the describe statement privilege to the requirements table 
- Capture the db/table name for describe statements in the pre-analysis hook (since they are not included in the read entities by Hive)
- Move the hive entity to authorizable conversion to top level hook. We need more things to capture one-off from the compiler structure and pass it down to hive bindings. This started to pollute the hive-binding methods as we have to add more parameters and exception logic. Hence the code to capture all required hive objects and converting those to authorizables is combined into a single layer.
Added test with various describe options
  • 0
  • 0
  • 2
  • 0
  • 2
Description From Last Updated
  1. LGTM, just a few comments below.
  2. We throw AuthzException from various locations such as getAuthzHierarchyFromEntity and in the default case, but here we catch that exception and rethrow a semantic exception? 
    1. good catch.
      Moved the code into a private method that throws AuthzException. The actual hook callback wrapps that into SemanticException which is required by hive.
  3. 
      
Review request changed
  1. Ship It!
  2. 
      
Loading...