diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/security/SqlStandardAccessControl.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/security/SqlStandardAccessControl.java
index 55a50964d5b9..a44541de011d 100644
--- a/presto-hive/src/main/java/io/prestosql/plugin/hive/security/SqlStandardAccessControl.java
+++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/security/SqlStandardAccessControl.java
@@ -110,7 +110,7 @@ public void checkCanDropSchema(ConnectorTransactionHandle transaction, Connector
 @Override
 public void checkCanRenameSchema(ConnectorTransactionHandle transaction, ConnectorIdentity identity, String schemaName, String newSchemaName)
 {
- if (!isAdmin(transaction, identity) || !isDatabaseOwner(transaction, identity, schemaName)) {
+ if (!isDatabaseOwner(transaction, identity, schemaName)) {
 denyRenameSchema(schemaName, newSchemaName);
 }
 }
@@ -354,6 +354,10 @@ private boolean isDatabaseOwner(ConnectorTransactionHandle transaction, Connecto
 return true;
 }

+ if (isAdmin(transaction, identity)) {
+ return true;
+ }
+
 SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
 Optional databaseMetadata = metastore.getDatabase(databaseName);
 if (!databaseMetadata.isPresent()) {
@@ -374,7 +378,11 @@ private boolean isDatabaseOwner(ConnectorTransactionHandle transaction, Connecto

 private boolean checkTablePermission(ConnectorTransactionHandle transaction, ConnectorIdentity identity, SchemaTableName tableName, HivePrivilege... requiredPrivileges)
 {
- if (tableName.equals(ROLES) && !isAdmin(transaction, identity)) {
+ if (isAdmin(transaction, identity)) {
+ return true;
+ }
+
+ if (tableName.equals(ROLES)) {
 return false;
 }

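Review bot: With the added `isAdmin` short-circuit in the second hunk, `isDatabaseOwner` returns true for an admin who does not own the database, so the name no longer describes what the helper decides. Every caller inherits that, including `checkCanRenameSchema` in the first hunk, whose condition now reads as owner-only although admins pass. I would rename the helper or put a comment above the new guard, for example `// the admin role is treated as owner of every database`. The function starts and ends outside the hunk, so callers other than the rename check are not visible here; each should be confirmed to want the admin bypass, ideally with a test for admin-but-not-owner and owner-but-not-admin.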
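Review bot: The new guard at the top of `checkTablePermission` lets an admin through for every table and every requested privilege, whereas the removed line only exempted admins from the `ROLES` denial and, as far as this hunk shows, still sent them on to the code below it. The same widening is applied to `hasGrantOptionForPrivilege` in the next hunk. The outcome now rests entirely on what `isAdmin` tests, which this diff does not show; if it is true for a user who has merely been granted the admin role rather than one who has it enabled for the session, the bypass is broader than intended. A comment such as `// admin bypasses table-level grants; isAdmin must reflect the enabled role` and tests for admin, non-admin and the `ROLES` table would pin the behaviour. The method body continues past the end of the hunk.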
@@ -396,6 +404,10 @@ private boolean checkTablePermission(ConnectorTransactionHandle transaction, Con

 private boolean hasGrantOptionForPrivilege(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Privilege privilege, SchemaTableName tableName)
 {
+ if (isAdmin(transaction, identity)) {
+ return true;
+ }
+
 SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
 return listApplicableTablePrivileges(
 metastore,
@@ -410,6 +422,7 @@ private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, C
 if (isAdmin(transaction, identity)) {
 return true;
 }
+
 SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
 Set grants = listApplicableRoles(new PrestoPrincipal(USER, identity.getUser()), metastore::listRoleGrants);
 Set rolesWithGrantOption = grants.stream()
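Review bot: `hasGrantOptionForPrivilege` becomes the fourth private helper with the same three-line `isAdmin` guard, alongside `isDatabaseOwner`, `checkTablePermission` and the existing one in `hasAdminOptionForRoles`, and none of the copies says why admin implies the permission. A one-line comment on each guard, here `// admin implicitly holds the grant option on every table`, would make the policy readable at the point where it is enforced. If `isAdmin` consults the metastore, which this diff does not show, an access check that passes through more than one helper repeats that lookup; resolving admin status once per check may be worth considering. The method body continues past the end of the hunk.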