[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases
[ https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16848644#comment-16848644 ] Haihui Xu commented on RANGER-2185: --- I upload the patch of this issue about the ranger version 1.1.0. show-databases-permission-denied-ranger1.1.0.patch > Hive Plugin show databases permission denied when user has access to some of > the databases > -- > > Key: RANGER-2185 > URL: https://issues.apache.org/jira/browse/RANGER-2185 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: dhomme >Priority: Major > Labels: security > Attachments: 0001-RANGER-2185-fix-hive-show-databases-bug.patch, > show-databases-permission-denied-ranger1.1.0.patch, > show-databases-permission-denied-ranger1.1.0.patch > > > Add a resource based policy to allow a user, hive, has access to the default > database. Then execute 'show databases;' via beeline, the user should see > 'default'. Instead following error is shown: > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [hive] does not have [USE] privilege on [*] > (state=42000,code=4) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases
[ https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16846523#comment-16846523 ] Haihui Xu commented on RANGER-2185: --- I find that ranger 1.1.0 has the same issue. But the solution of [~dhomme] maybe not good enough。 The method “isShowDatabasesAccessAllowed(request)” should not in RangerHiveAuthorizer.java(ranger-hive-plugin) what about the offical solution?[~rmani] > Hive Plugin show databases permission denied when user has access to some of > the databases > -- > > Key: RANGER-2185 > URL: https://issues.apache.org/jira/browse/RANGER-2185 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: dhomme >Priority: Major > Labels: security > Attachments: 0001-RANGER-2185-fix-hive-show-databases-bug.patch > > > Add a resource based policy to allow a user, hive, has access to the default > database. Then execute 'show databases;' via beeline, the user should see > 'default'. Instead following error is shown: > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [hive] does not have [USE] privilege on [*] > (state=42000,code=4) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases
[ https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16716703#comment-16716703 ] JackYan commented on RANGER-2185: - I used the version 1.2.0,and I also met this trouble too. I given a user some privilege like this,database:default table:test column:*,then I login using this user.When I executed 'show databases;', I got message like this, 'Permission denied: user [xxx] does not have [USE] privilege on [*]'.But, I can exectue 'use default;' and 'show tables;'. Did anyone else have this problem?And how you solved it? Sorry for my poor English. > Hive Plugin show databases permission denied when user has access to some of > the databases > -- > > Key: RANGER-2185 > URL: https://issues.apache.org/jira/browse/RANGER-2185 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: dhomme >Priority: Major > Labels: security > Attachments: 0001-RANGER-2185-fix-hive-show-databases-bug.patch > > > Add a resource based policy to allow a user, hive, has access to the default > database. Then execute 'show databases;' via beeline, the user should see > 'default'. Instead following error is shown: > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [hive] does not have [USE] privilege on [*] > (state=42000,code=4) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases
[ https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16577075#comment-16577075 ] dhomme commented on RANGER-2185: [~rmani] I tested it with version release-ranger-1.0.0. I found that execute 'show databases;' would check whether if the user has policy with database=/*, if not, it will fail with access-denied. > Hive Plugin show databases permission denied when user has access to some of > the databases > -- > > Key: RANGER-2185 > URL: https://issues.apache.org/jira/browse/RANGER-2185 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: dhomme >Priority: Major > Labels: security > Attachments: > 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch > > > Add a resource based policy to allow a user, hive, has access to the default > database. Then execute 'show databases;' via beeline, the user should see > 'default'. Instead following error is shown: > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [hive] does not have [USE] privilege on [*] > (state=42000,code=4) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases
[ https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576773#comment-16576773 ] Ramesh Mani commented on RANGER-2185: - [~dhomme] Solution you are proposing is very invasive in policy engine and not recommended at all. You may need to revisit this and see if this an can be addressed in ranger hive plugin. Also when I tried this in the current version, I couldn't reproduce this and worked as expected, so I am not sure which version of ranger you tested this with. > Hive Plugin show databases permission denied when user has access to some of > the databases > -- > > Key: RANGER-2185 > URL: https://issues.apache.org/jira/browse/RANGER-2185 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: dhomme >Priority: Major > Labels: security > Attachments: > 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch > > > Add a resource based policy to allow a user, hive, has access to the default > database. Then execute 'show databases;' via beeline, the user should see > 'default'. Instead following error is shown: > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [hive] does not have [USE] privilege on [*] > (state=42000,code=4) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases
[ https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16575976#comment-16575976 ] dhomme commented on RANGER-2185: Patch is available at the Review Board. https://reviews.apache.org/r/68290/ > Hive Plugin show databases permission denied when user has access to some of > the databases > -- > > Key: RANGER-2185 > URL: https://issues.apache.org/jira/browse/RANGER-2185 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: dhomme >Priority: Major > Labels: security > Attachments: > 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch > > > Add a resource based policy to allow a user, hive, has access to the default > database. Then execute 'show databases;' via beeline, the user should see > 'default'. Instead following error is shown: > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: user [hive] does not have [USE] privilege on [*] > (state=42000,code=4) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
