[jira] [Commented] (HIVE-12241) SQLStdAuth grant on .* not recognized
[
https://issues.apache.org/jira/browse/HIVE-12241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14987372#comment-14987372
]
Hari Sekhon commented on HIVE-12241:
Agreed Ranger is nice but not everybody has Ranger, I have it on the other
cluster but haven't deployed it to this one yet, and other distributions don't
even have Ranger yet.
>From Hive's perspective this should be solvable using native SQL grants.
The whole point of SQLStdAuth was to be similar to grants in RDBMS and since
they can do grant on .* then Hive should support this syntax also.
> SQLStdAuth grant on .* not recognized
> -
>
> Key: HIVE-12241
> URL: https://issues.apache.org/jira/browse/HIVE-12241
> Project: Hive
> Issue Type: Bug
> Components: Parser, SQLStandardAuthorization
>Affects Versions: 0.14.0
> Environment: HDP 2.2
>Reporter: Hari Sekhon
>
> Using SQLStdAuthorizer Hive doesn't recognize doing a grant on all tables
> like I've done before in RDBMS. If having a lot of tables this becomes very
> inconvenient to grant on a table-by-table basis and granting on database
> succeeds but still doesn't allow user to query tables in that database:
> {code}
> > grant all on myDB.* to user hari;
> Error: Error while compiling statement: FAILED: ParseException line 1:15
> mismatched input '.' expecting TO near 'myDB' in grant privileges
> (state=42000,code=4)
> > grant all on myDB.`*` to user hari;
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10001]: Table not found myDB.* (state=42S02,code=10001)
> > grant all on `myDB.*` to user hari;
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10001]: Table not found myDB.* (state=42S02,code=10001)
> > grant all on all to user hari;
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10001]: Table not found myDB.all (state=42S02,code=10001)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-12241) SQLStdAuth grant on .* not recognized
[
https://issues.apache.org/jira/browse/HIVE-12241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14975396#comment-14975396
]
Thejas M Nair commented on HIVE-12241:
--
You are right, there is no support for a regex on tables in grant statements in
sql std authorization. That would be nice to have.
There are more flexible granting is possible via Ranger.
> SQLStdAuth grant on .* not recognized
> -
>
> Key: HIVE-12241
> URL: https://issues.apache.org/jira/browse/HIVE-12241
> Project: Hive
> Issue Type: Bug
> Components: Parser, SQLStandardAuthorization
>Affects Versions: 0.14.0
> Environment: HDP 2.2
>Reporter: Hari Sekhon
>
> Using SQLStdAuthorizer Hive doesn't recognize doing a grant on all tables
> like I've done before in RDBMS. If having a lot of tables this becomes very
> inconvenient to grant on a table-by-table basis and granting on database
> succeeds but still doesn't allow user to query tables in that database:
> {code}
> > grant all on myDB.* to user hari;
> Error: Error while compiling statement: FAILED: ParseException line 1:15
> mismatched input '.' expecting TO near 'myDB' in grant privileges
> (state=42000,code=4)
> > grant all on myDB.`*` to user hari;
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10001]: Table not found myDB.* (state=42S02,code=10001)
> > grant all on `myDB.*` to user hari;
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10001]: Table not found myDB.* (state=42S02,code=10001)
> > grant all on all to user hari;
> Error: Error while compiling statement: FAILED: SemanticException [Error
> 10001]: Table not found myDB.all (state=42S02,code=10001)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
