Raghav Aggarwal created RANGER-4994:
---------------------------------------
Summary: Alter MV rebuild should fail for unauthorized user
irrespective of MV state
Key: RANGER-4994
URL: https://issues.apache.org/jira/browse/RANGER-4994
Project: Ranger
Issue Type: Bug
Components: plugins, Ranger
Reporter: Raghav Aggarwal
Attachments: expected_case.sql, no_error_case.sql
Attaching the steps to reproduce issue as attachments.
{_}NOTE{_}: MV is created via hive user and rebuilding it via other user
(raghav user).
When Materialized View (MV) is outdated and unauthorized user triggers the
ALTER query to rebuild it, it is failing as it also requries access to base
tables.
{code:java}
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [raghav] does not have [ALTER] privilege on
[raghav/emps/deptno,empid,hire_date]{code}
But when MV is not outdated, then running alter query will not do anything i.e
it will not use any base table and the query passes and doesn't throw any auth
exception. *But ideally it should throw exception*
But running a SELECT on same MV from unauthorized user fails throwing error
(expected behaviour):
{code:java}
Error: Error while compiling statement: FAILED: HiveAccessControlException
Permission denied [raghav] does not have [SELECT] privilege on
[raghav/mv_recently_hired/*] {code}
My understanding is that the behaviour should remain same irrespective of the
state of the MV for ALTER query. _Thoughts on this?_
--
This message was sent by Atlassian Jira
(v8.20.10#820010)