hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-16028) Fail UPDATE/DELETE/MERGE queries when Ranger authorization manager is used
Date Thu, 23 Feb 2017 19:23:44 GMT

     [ https://issues.apache.org/jira/browse/HIVE-16028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Wei Zheng updated HIVE-16028:
-----------------------------
    Attachment: HIVE-16028.1.patch

> Fail UPDATE/DELETE/MERGE queries when Ranger authorization manager is used
> --------------------------------------------------------------------------
>
>                 Key: HIVE-16028
>                 URL: https://issues.apache.org/jira/browse/HIVE-16028
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>    Affects Versions: 2.2.0
>            Reporter: Wei Zheng
>            Assignee: Wei Zheng
>         Attachments: HIVE-16028.1.patch
>
>
> This is a followup of HIVE-15891. In that jira an error-out logic was added, but the
assumption that we need to do row filtering/column masking for entries in a non-empty list
of tables returned by applyRowFilterAndColumnMasking is wrong, because on Ranger side, RangerHiveAuthorizer#applyRowFilterAndColumnMasking
will unconditionally return a list of tables no matter whether row filtering/column masking
is applicable on the tables.
> The fix for Hive for now will be to move the error-out logic after we figure out there's
no replacement text for the query. But ideally we should consider modifying Ranger logic to
only return tables that need to be masked.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message