[ https://issues.apache.org/jira/browse/RANGER-2763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal updated RANGER-2763: ------------------------------------ Fix Version/s: 2.1.0 > Hive SET Role command in Ranger hive plugin > ------------------------------------------- > > Key: RANGER-2763 > URL: https://issues.apache.org/jira/browse/RANGER-2763 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Pradeep Agrawal > Assignee: Pradeep Agrawal > Priority: Major > Fix For: 2.1.0 > > > [https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-UsersandRoles] > In the above mentioned link there is a "SET Role" command which seems not > implemented yet in Ranger hive plugin > [https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L104] > > If Ranger Hive plugin is enabled then execution of "set role" throws method > not implemented exception probably due to : > [https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java#L155] > > Expected behavior after the patch : > Without Ranger ACL Use case : > 1) create two roles let say role1 and role2 > 2) create one table table1 and insert a record. > 3) grant select on the table1 to role1 and insert on the table1 to role2 > 4) create user testuser1 and give both role1 and role2 to user testuser1 > 5) login from user testuser1 and set role to role1 by using set role command > 6) execute sql statement to select the records : since role1 is having > select grant user will able to view the records. > 7) execute insert statement to add a record : since role1 is not having > insert privileges and user has set current role to only role1 he would not > able to insert the records. > 8) now run the command set role and set the role to role2 > 9) execute insert statement to add a record : since role2 is having insert > privileges and user has set current role to only role2 he would able to > insert the records. > 10) execute sql statement to select the records : since role2 is not having > select permissions, user will not able to view the records. > 11) logout and login again from same user and execute show current role > command , both role should be displayed. -- This message was sent by Atlassian Jira (v8.3.4#803005)