HIVE-25444: Make tables based on storage handlers authorization (HIVE…

…-24705) configurable (#3290) (originally contributed by Sai Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary)

common/src/java/org/apache/hadoop/hive/conf/HiveConf.java

@@ -3568,6 +3568,9 @@ public static enum ConfVars {
     HIVE_AUTHORIZATION_TASK_FACTORY("hive.security.authorization.task.factory",
         "org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl",
         "Authorization DDL task factory implementation"),
+    HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS("hive.security.authorization.tables.on.storagehandlers", true,
+        "Enables authorization on tables with custom storage handlers as implemented by HIVE-24705. " +
+        "Default setting is true. Useful for turning the feature off if the corresponding ranger patch is missing."),
 
     // if this is not set default value is set during config initialization
     // Default value can't be set in this constructor as it would refer names in other ConfVars

ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java

@@ -178,7 +178,8 @@ private static void addHivePrivObject(Entity privObject, Map<String, List<String
           tableName2Cols.get(Table.getCompleteName(table.getDbName(), table.getTableName()));
       hivePrivObject = new HivePrivilegeObject(privObjType, table.getDbName(), table.getTableName(),
           null, columns, actionType, null, null, table.getOwner(), table.getOwnerType());
-      if (table.getStorageHandler() != null) {
+      if (table.getStorageHandler() != null && HiveConf.getBoolVar(SessionState.getSessionConf(),
+          HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS)) {
         //TODO: add hive privilege object for storage based handlers for create and alter table commands.
         if (hiveOpType == HiveOperationType.CREATETABLE ||
                 hiveOpType == HiveOperationType.ALTERTABLE_PROPERTIES ||