[
https://issues.apache.org/jira/browse/RANGER-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng bo updated RANGER-2329:
----------------------------
Description:
a. assign select permission to user1 for database A with table * and hive
Column *
b. login user1 by beeline
c. type 'show databases', error shows
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [hadoop] does not have [USE] privilege on [*]
(state=42000,code=40000)
The cause:
It seems to be a regression introduced by
[RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:
{code:java}
public class RangerHiveResource extends RangerAccessResourceImpl {
public RangerHiveResource(HiveObjectType objectType, String
databaseorUrl, String tableOrUdf, String column) {
case DATABASE:
if (databaseorUrl == null) {
databaseorUrl = "*";
}
{code}
This code applies on "show databases" as well which prevents the according
RangerPolicyEvaluator from being returned.
was:
a. assign select permission to user1 for database A with table * and hive
Column *
b. login user1 by beeline
c. type 'show databases', error shows
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [hadoop] does not have [USE] privilege on [*]
(state=42000,code=40000)
The cause:
It seems to be a regression introduced by
[RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:
{code:java}
case DATABASE:
if (databaseorUrl == null) {
databaseorUrl = "*";
}
{code}
This code applies on "show databases" as well which prevents the according
RangerPolicyEvaluator from being returned.
> [Hive Plugin] show databases denied although user has access to some databases
> ------------------------------------------------------------------------------
>
> Key: RANGER-2329
> URL: https://issues.apache.org/jira/browse/RANGER-2329
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 1.0.0, 1.2.0
> Reporter: peng bo
> Priority: Major
> Labels: patch
> Fix For: 1.0.0
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> a. assign select permission to user1 for database A with table * and hive
> Column *
> b. login user1 by beeline
> c. type 'show databases', error shows
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [hadoop] does not have [USE] privilege on [*]
> (state=42000,code=40000)
> The cause:
> It seems to be a regression introduced by
> [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:
> {code:java}
> public class RangerHiveResource extends RangerAccessResourceImpl {
> public RangerHiveResource(HiveObjectType objectType, String
> databaseorUrl, String tableOrUdf, String column) {
> case DATABASE:
> if (databaseorUrl == null) {
> databaseorUrl = "*";
> }
> {code}
> This code applies on "show databases" as well which prevents the according
> RangerPolicyEvaluator from being returned.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
