[
https://issues.apache.org/jira/browse/RANGER-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jie Zhang updated RANGER-2943:
------------------------------
Description:
h2. Before enabling Ranger on Hive: hive.security.authorization.manager =
org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
user jiezhang does not have access to table default.dim_customer_pii, so I got
access denied when I ran this query, this is expected.
{code:java}
select * from default.dim_customer_pii limit 5;
{code}
h2. After enabling Ranger on Hive: hive.security.authorization.manager =
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
When I ran the query above, I got the actual results, this is NOT expected.
h2. In summary:
After enabling Ranger on Hive, the rules with SQLStdHiveAuthorizerFactory are
not enforced anymore. Is this by design? How can we enforce both
SQLStdHiveAuthorizerFactory and RangerHiveAuthorizerFactory? Thanks for your
help.
was:
h2. Before enabling Ranger on Hive:
user jiezhang does not have access to table default.dim_customer_pii, so I got
access denied when I ran this query, this is expected.
{code:java}
select * from default.dim_customer_pii limit 5;
{code}
h2. After enabling Ranger on Hive:
When I ran the query above, I got the actual results, this is NOT expected.
h2. In summary:
After enabling Ranger on Hive, the rules in hive-metastore are not enforced
anymore. Is this by design? How can we still enforce rules in hive-metastore
while have Ranger installed (we are using Ranger auditing capability)? Thanks
for your help.
> After enabling Ranger for Hive, the rules in hive-metastore are not enforced
> anymore
> ------------------------------------------------------------------------------------
>
> Key: RANGER-2943
> URL: https://issues.apache.org/jira/browse/RANGER-2943
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Jie Zhang
> Priority: Major
>
> h2. Before enabling Ranger on Hive: hive.security.authorization.manager =
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
> user jiezhang does not have access to table default.dim_customer_pii, so I
> got access denied when I ran this query, this is expected.
> {code:java}
> select * from default.dim_customer_pii limit 5;
> {code}
> h2. After enabling Ranger on Hive: hive.security.authorization.manager =
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
> When I ran the query above, I got the actual results, this is NOT expected.
> h2. In summary:
> After enabling Ranger on Hive, the rules with SQLStdHiveAuthorizerFactory are
> not enforced anymore. Is this by design? How can we enforce both
> SQLStdHiveAuthorizerFactory and RangerHiveAuthorizerFactory? Thanks for your
> help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
