Dayakar M created RANGER-5634:
---------------------------------
Summary: CTAS & Temporary-Table queries from Hive bypass UDF
Select authorization
Key: RANGER-5634
URL: https://issues.apache.org/jira/browse/RANGER-5634
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Dayakar M
In Hive deployments protected by Ranger (Hadoop SQL service), {{CREATE TABLE …
AS SELECT}} and {{CREATE TEMPORARY TABLE … AS SELECT}} statements that invoke a
user-defined function (UDF) execute successfully even when the caller has no
Select/Execute privilege on the UDF.
Normal DML statements such as {{INSERT … SELECT my_udf()}} are correctly denied.
Hive’s authorization layer attaches UDF privilege object in both the cases(CTAS
and InsertSelect) mentioned above but its working only for InsertSelect.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
