[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16420064#comment-16420064 ] Haihui Xu commented on RANGER-1823: --- [~rmani] This may be about with the vision of hive. I had test it using ranger-0.5.3 and apache hive-1.1.0 > Allowed TRUNCATE and INSERT to partition table when the policy item is only > "SELECT" > > > Key: RANGER-1823 > URL: https://issues.apache.org/jira/browse/RANGER-1823 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.5.3, 0.7.1 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition > table when the policy item is only SELECT.patch, Screen Shot 2018-01-24 at > 12.59.55 PM.png, clipboard.png > > > In beeline, useraa create table hive_test, such as : CREATE TABLE > hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add > a policy for userbb, the policy has only "SELECT" of table hive_test; in > beeline userbb execute "truncate table hive_test" / "insert into hive_test > partition(a=20171003) select 1 from hive_test" is allowed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16203111#comment-16203111 ] Haihui Xu commented on RANGER-1823: --- [~rmani] > Allowed TRUNCATE and INSERT to partition table when the policy item is only > "SELECT" > > > Key: RANGER-1823 > URL: https://issues.apache.org/jira/browse/RANGER-1823 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.5.3, 0.7.1 >Reporter: Haihui Xu >Assignee: Haihui Xu > Fix For: 0.5.4, 1.0.0 > > Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition > table when the policy item is only SELECT.patch > > > In beeline, useraa create table hive_test, such as : CREATE TABLE > hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add > a policy for userbb, the policy has only "SELECT" of table hive_test; in > beeline userbb execute "truncate table hive_test" / "insert into hive_test > partition(a=20171003) select 1 from hive_test" is allowed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16199462#comment-16199462 ] Ramesh Mani commented on RANGER-1823: - [~Seymour Xu], I couldnt reproduce this issue locally. If it would have happend its a nasty one in terms of security. By looking into this code change, UPDATE should be access type for the operation which really does updat e like , TRUNCATE /INSERT / DELETE not on QUERY whose primary operation is to fetch data. Could you please check this out and put some debug logs from the cluster when you do this testing > Allowed TRUNCATE and INSERT to partition table when the policy item is only > "SELECT" > > > Key: RANGER-1823 > URL: https://issues.apache.org/jira/browse/RANGER-1823 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.5.3, 0.7.1 >Reporter: Haihui Xu >Assignee: Haihui Xu > Fix For: 0.5.4, 1.0.0 > > Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition > table when the policy item is only SELECT.patch > > > In beeline, useraa create table hive_test, such as : CREATE TABLE > hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add > a policy for userbb, the policy has only "SELECT" of table hive_test; in > beeline userbb execute "truncate table hive_test" / "insert into hive_test > partition(a=20171003) select 1 from hive_test" is allowed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16198446#comment-16198446 ] Haihui Xu commented on RANGER-1823: --- [~rmani] https://reviews.apache.org/r/62860/ Thanks for your review. > Allowed TRUNCATE and INSERT to partition table when the policy item is only > "SELECT" > > > Key: RANGER-1823 > URL: https://issues.apache.org/jira/browse/RANGER-1823 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.5.3, 0.7.1 >Reporter: Haihui Xu >Assignee: Haihui Xu > Fix For: 0.5.4, 1.0.0 > > Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition > table when the policy item is only SELECT.patch > > > In beeline, useraa create table hive_test, such as : CREATE TABLE > hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add > a policy for userbb, the policy has only "SELECT" of table hive_test; in > beeline userbb execute "truncate table hive_test" / "insert into hive_test > partition(a=20171003) select 1 from hive_test" is allowed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16196455#comment-16196455 ] Ramesh Mani commented on RANGER-1823: - [~Seymour Xu] Please raise a review request for this patch. Refer this doc for how to create the review request https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=55151244 Thanks for your contribution. > Allowed TRUNCATE and INSERT to partition table when the policy item is only > "SELECT" > > > Key: RANGER-1823 > URL: https://issues.apache.org/jira/browse/RANGER-1823 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.5.3, 0.7.1 >Reporter: Haihui Xu >Assignee: Haihui Xu > Fix For: 0.5.4, 1.0.0 > > Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition > table when the policy item is only SELECT.patch > > > In beeline, useraa create table hive_test, such as : CREATE TABLE > hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add > a policy for userbb, the policy has only "SELECT" of table hive_test; in > beeline userbb execute "truncate table hive_test" / "insert into hive_test > partition(a=20171003) select 1 from hive_test" is allowed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)