[jira] [Resolved] (RANGER-620) Ability to use database when connecting to it via HiveServer2 without policy authorizing it

JIRA Fri, 21 Aug 2015 00:25:05 -0700

     [ 
https://issues.apache.org/jira/browse/RANGER-620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Loïc C. Chanel resolved RANGER-620.
-----------------------------------
       Resolution: Fixed
    Fix Version/s: 0.5.0

> Ability to use database when connecting to it via HiveServer2 without policy 
> authorizing it
> -------------------------------------------------------------------------------------------
>
>                 Key: RANGER-620
>                 URL: https://issues.apache.org/jira/browse/RANGER-620
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.4.0
>         Environment: HiveServer2 on Ambari with Ranger plugin enabled
>            Reporter: Loïc C. Chanel
>            Priority: Critical
>              Labels: hiveserver, security
>             Fix For: 0.5.0
>
>
> When doing with beeline
> !connect jdbc:hive2://192.168.6.210:10000/db1;principal=hive/hivehost@REALM 
> org.apache.hive.jdbc.HiveDriver
> I can connect to db1, and even make a show tables without having any 
> authorizing policy for these actions.
> And I am sure I have no right to connect and see these tables, because when 
> doing 
> !connect jdbc:hive2://192.168.6.210:10000/;principal=hive/hivehost@REALM 
> org.apache.hive.jdbc.HiveDriver
> I can't make a use db1 without the error : 
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [testuser] does not have [USE] privilege on [db1] 
> (state=42000,code=40000)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (RANGER-620) Ability to use database when connecting to it via HiveServer2 without policy authorizing it

Reply via email to