From aa0647e8df330c00d14475b68ce4201d96c06b84 Mon Sep 17 00:00:00 2001
From: Adam Szita <40628386+szlta@users.noreply.github.com>
Date: Tue, 17 May 2022 15:19:05 +0200
Subject: [PATCH] HIVE-25444: Make tables based on storage handlers
 authorization (HIVE-24705) configurable (#3290) (originally contributed by
 Sai Hemanth Gantasala, committed by Adam Szita, reviewed by Peter Vary)

---
 common/src/java/org/apache/hadoop/hive/conf/HiveConf.java      | 3 +++
 .../ql/security/authorization/command/CommandAuthorizerV2.java | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index caf223dd91b4..a14872995b56 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3568,6 +3568,9 @@ public static enum ConfVars {
     HIVE_AUTHORIZATION_TASK_FACTORY("hive.security.authorization.task.factory",
         "org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl",
         "Authorization DDL task factory implementation"),
+    HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS("hive.security.authorization.tables.on.storagehandlers", true,
+        "Enables authorization on tables with custom storage handlers as implemented by HIVE-24705. " +
+        "Default setting is true. Useful for turning the feature off if the corresponding ranger patch is missing."),
 
     // if this is not set default value is set during config initialization
     // Default value can't be set in this constructor as it would refer names in other ConfVars
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
index 191b27471f47..114d9b3186a4 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java
@@ -178,7 +178,8 @@ private static void addHivePrivObject(Entity privObject, Map<String, List<String
           tableName2Cols.get(Table.getCompleteName(table.getDbName(), table.getTableName()));
       hivePrivObject = new HivePrivilegeObject(privObjType, table.getDbName(), table.getTableName(),
           null, columns, actionType, null, null, table.getOwner(), table.getOwnerType());
-      if (table.getStorageHandler() != null) {
+      if (table.getStorageHandler() != null && HiveConf.getBoolVar(SessionState.getSessionConf(),
+          HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLES_ON_STORAGEHANDLERS)) {
         //TODO: add hive privilege object for storage based handlers for create and alter table commands.
         if (hiveOpType == HiveOperationType.CREATETABLE ||
                 hiveOpType == HiveOperationType.ALTERTABLE_PROPERTIES ||