Abhay created HIVE-25532:
----------------------------

             Summary: Fix authorization support for Kill Query Command
                 Key: HIVE-25532
                 URL: https://issues.apache.org/jira/browse/HIVE-25532
             Project: Hive
          Issue Type: Bug
          Components: HiveServer2
            Reporter: Abhay
            Assignee: Abhay


We added authorization for the Kill Query command some time back with the help of 
Ranger. Below is the ticket: https://issues.apache.org/jira/browse/RANGER-1851

However, we have observed that this hasn't been working as expected. The Ranger 
service expects Hive to send in a privilege object of the type SERVICE_NAME, but 
we can see below
[https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/server/KillQueryImpl.java#L131]
that it is sending an empty array list. 
The Ranger service never throws an exception for this, and this results in any 
user being able to kill any other query even though they don't have the necessary 
permissions.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
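
The failure mode reported above, as an added sketch that is not Hive or Ranger code: an authorizer that can only deny while iterating the privilege objects it receives lets an empty list through, while a check that requires a SERVICE_NAME object fails closed. The class names, users and policy are constructed for illustration, and the way Ranger evaluates requests internally is an assumption here, not something the report states.

```java
import java.util.Collections;
import java.util.List;

public class KillQueryAuthzSketch {
    // Hypothetical stand-ins, not Hive's or Ranger's classes.
    enum ObjType { SERVICE_NAME, DATABASE, TABLE }

    static final class PrivObject {
        final ObjType type; final String name;
        PrivObject(ObjType type, String name) { this.type = type; this.name = name; }
    }

    // Constructed policy: only "admin" may act on the service resource.
    static boolean policyAllows(String user, PrivObject obj) {
        return obj.type == ObjType.SERVICE_NAME && "admin".equals(user);
    }

    // Fail-open shape: a denial can only be raised inside the loop, so an
    // empty list is never matched against any policy and the call returns.
    static void checkPerObject(String user, List<PrivObject> objs) {
        for (PrivObject o : objs) {
            if (!policyAllows(user, o)) throw new SecurityException(user + " denied on " + o.name);
        }
    }

    // Fail-closed shape: KILL QUERY must carry a SERVICE_NAME object; a
    // request without one is rejected before any policy is evaluated.
    static void checkKillQuery(String user, List<PrivObject> objs) {
        boolean hasService = objs.stream().anyMatch(o -> o.type == ObjType.SERVICE_NAME);
        if (!hasService) throw new SecurityException("KILL QUERY without SERVICE_NAME object");
        checkPerObject(user, objs);
    }

    static String run(String label, String user, List<PrivObject> objs, boolean strict) {
        try {
            if (strict) checkKillQuery(user, objs); else checkPerObject(user, objs);
            return label + ": allowed";
        } catch (SecurityException e) { return label + ": denied (" + e.getMessage() + ")"; }
    }

    public static void main(String[] args) {
        List<PrivObject> empty = Collections.emptyList();
        List<PrivObject> svc = Collections.singletonList(new PrivObject(ObjType.SERVICE_NAME, "hiveserver2"));
        System.out.println(run("empty list, per-object check", "bob", empty, false));
        System.out.println(run("SERVICE_NAME sent, per-object check", "bob", svc, false));
        System.out.println(run("empty list, required-resource check", "bob", empty, true));
        System.out.println(run("SERVICE_NAME sent, admin", "admin", svc, true));
    }
}
```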
