ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhay Kulkarni (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-2045) Hive table columns with no explicit allow policy are listed with 'desc table' command
Date Wed, 28 Mar 2018 01:04:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Abhay Kulkarni updated RANGER-2045:
-----------------------------------
    Affects Version/s: master

> Hive table columns with no explicit allow policy are listed with 'desc table' command
> -------------------------------------------------------------------------------------
>
>                 Key: RANGER-2045
>                 URL: https://issues.apache.org/jira/browse/RANGER-2045
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: master
>            Reporter: Anuja Leekha
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: master
>
>
> *Test scenario*
> 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
> Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
> Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1'
and columns='name', 'age' [user does not have permissions on 'city' column].
> "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results
with 'city' column included.
> When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none',
Hive would follow default behavior and should deny DESCRIBE table and show column commands
as the policy does not grant the test user access to all columns of the table. But the commands
go through fine.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message