[jira] [Created] (RANGER-1297) Provide correct Ranger HiveAccessControlException message for DESCRIBE when authorization fails due to lack of SELECT on all columns Ramesh Mani (JIRA) Fri, 06 Jan 2017 16:59:31 -0800 Ramesh Mani created RANGER-1297: ----------------------------------- Summary: Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns Key: RANGER-1297 URL: https://issues.apache.org/jira/browse/RANGER-1297 Project: Ranger Issue Type: Bug Reporter: Ramesh Mani Assignee: Ramesh Mani Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns Currently the message is misleading because it gives HiveAccessControlException Permission denied: user [user1] does not have [SELECT] privilege on [database/table] . It doesn't provide which column it doesn't have SELECT permission. Infact it should have SELECT permission on all columns (*) by default to DESCRIBE as Hive doesn't provide ranger the necessary hooks to filter out the columns which user doesn't have access to. Until hive provides this, the policy in ranger should have SELECT on "*" for columns on a table in order for describer to succeed. -- This message was sent by Atlassian JIRA (v6.3.4#6332) Previous message View by thread View by date Next message Reply via email to Search the site The Mail Archive home dev - all messages dev - about the list Expand Previous message Next message The Mail Archive home Add your mailing list FAQ Support Privacy JIRA.13032742.1483750726000.674130.1483750738316@Atlassian.JIRA

[Ramesh Mani (JIRA)]

Ramesh Mani created RANGER-1297:
-----------------------------------

             Summary: Provide correct Ranger HiveAccessControlException message 
for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all 
columns
                 Key: RANGER-1297
                 URL: https://issues.apache.org/jira/browse/RANGER-1297
             Project: Ranger
          Issue Type: Bug
            Reporter: Ramesh Mani
            Assignee: Ramesh Mani


Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> 
when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException 
Permission denied: user [user1] does not have [SELECT] privilege on 
[database/table] . It doesn't provide which column it doesn't have SELECT 
permission. Infact it should have SELECT permission on all columns (*) by 
default to DESCRIBE as Hive doesn't provide ranger the necessary hooks to 
filter out the columns which user doesn't have access to. Until hive provides 
this, the policy in ranger should have SELECT on  "*" for columns on a table in 
order for  describer to succeed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)