[
https://issues.apache.org/jira/browse/RANGER-2664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988998#comment-16988998
]
Ramesh Mani commented on RANGER-2664:
-------------------------------------
[~starphin] For "Show database" user just need any permission on Database to
get authorized.
filterListCmdObjects should be filtering out the database which user don't have
access to. This is the behavior.
Ranger has HMS plugin which will be used for filtering the metastore api calls.
Are you referring to beeline HiveSever2 api calls or HMS api calls? In which
version of Ranger you are verifying this?
> filterListCmdObjects does not work in sql 'show databases'
> ----------------------------------------------------------
>
> Key: RANGER-2664
> URL: https://issues.apache.org/jira/browse/RANGER-2664
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: star
> Priority: Major
> Attachments: ranger-2664.patch
>
>
> In hive plugin, when execute sql 'show databases',
> privilege HiveAccessType.USE is required on database '*'. If it is
> authorized USE privilege, all database will be showed. If not, the sql will
> be stuck when checking privilege.
> To solve the problem, just let the sql 'show databases' pass through when
> METASTORE_FILTER_HOOK is set as AuthorizationMetaStoreFilterHook. Privilege
> HiveAccessType.USE is not required on database '*'.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
