[ https://issues.apache.org/jira/browse/HIVE-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977468#comment-13977468 ]
Thejas M Nair commented on HIVE-6957: ------------------------------------- Error looks like this {code} java.sql.SQLException: Error while compiling statement: FAILED: HiveAccessControlException Permission denied. Principal [name=us...@example.com, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.test_jdbc_sql_auth2] : [SELECT] {code} > SQL authorization does not work with HS2 binary mode and Kerberos auth > ---------------------------------------------------------------------- > > Key: HIVE-6957 > URL: https://issues.apache.org/jira/browse/HIVE-6957 > Project: Hive > Issue Type: Bug > Components: Authorization, HiveServer2 > Affects Versions: 0.13.0 > Reporter: Thejas M Nair > Assignee: Thejas M Nair > Attachments: HIVE-6957.1.patch > > > In HiveServer2, when Kerberos auth and binary transport modes are used, the > user name that gets passed on to authorization is the long kerberos username. > The username that is used in grant/revoke statements tend to be the short > usernames. > This also fails in authorizing statements that involve URI, as the > authorization mode checks the file system permissions for given user. It does > not recognize that the given long username actually owns the file or belongs > to the group that owns the file. -- This message was sent by Atlassian JIRA (v6.2#6252)