[jira] [Updated] (RANGER-1297) Provide correct Ranger HiveAccessControlException message for DESCRIBE when authorization fails due to lack of SELECT on all columns

Fri, 06 Jan 2017 17:00:58 -0800 

     [ 
https://issues.apache.org/jira/browse/RANGER-1297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-1297:
--------------------------------
    Description: 
Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> 
when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException 
Permission denied: user [user1] does not have [SELECT] privilege on 
[database/table] . 
It doesn't provide which column it doesn't have SELECT permission. 

It should have SELECT permission on all columns (*) by default to DESCRIBE as 
Hive doesn't provide ranger the necessary hooks to filter out the columns which 
user doesn't have access to. Until hive provides this, the policy in ranger 
should have SELECT on  "*" for columns on a table in order for  describer to 
succeed.

  was:
Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> 
when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException 
Permission denied: user [user1] does not have [SELECT] privilege on 
[database/table] . It doesn't provide which column it doesn't have SELECT 
permission. Infact it should have SELECT permission on all columns (*) by 
default to DESCRIBE as Hive doesn't provide ranger the necessary hooks to 
filter out the columns which user doesn't have access to. Until hive provides 
this, the policy in ranger should have SELECT on  "*" for columns on a table in 
order for  describer to succeed.


> Provide correct Ranger HiveAccessControlException message for DESCRIBE 
> <TABLE> when authorization fails due to lack of SELECT on all columns
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1297
>                 URL: https://issues.apache.org/jira/browse/RANGER-1297
>             Project: Ranger
>          Issue Type: Bug
>            Reporter: Ramesh Mani
>            Assignee: Ramesh Mani
>
> Provide correct Ranger HiveAccessControlException message for DESCRIBE 
> <TABLE> when authorization fails due to lack of SELECT on all columns
> Currently the message is misleading because it gives 
> HiveAccessControlException Permission denied: user [user1] does not have 
> [SELECT] privilege on [database/table] . 
> It doesn't provide which column it doesn't have SELECT permission. 
> It should have SELECT permission on all columns (*) by default to DESCRIBE as 
> Hive doesn't provide ranger the necessary hooks to filter out the columns 
> which user doesn't have access to. Until hive provides this, the policy in 
> ranger should have SELECT on  "*" for columns on a table in order for  
> describer to succeed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to