ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "peng bo (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-2329) [Hive Plugin] show databases denied although user has access to some databases
Date Wed, 30 Jan 2019 08:45:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

peng bo updated RANGER-2329:
----------------------------
    Description: 
a. assign select permission to user1 for database A with table * and hive Column *
b. login user1 by beeline 
c. type 'show databases', error shows 
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied:
user [hadoop] does not have [USE] privilege on [*] (state=42000,code=40000)

The cause:
It seems to be a regression introduced by [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:

{code:java}
case DATABASE:
    if (databaseorUrl == null) {
        databaseorUrl = "*";
    }
{code}

This code applies on "show databases" as well which prevents the according RangerPolicyEvaluator
from being returned.

  was:
a. assign select permission to user1 for database A with table * and hive Column *
b. login user1 by beeline 
c. type 'show databases', error shows 
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied:
user [hadoop] does not have [USE] privilege on [*] (state=42000,code=40000)

The cause:
It seems to be a regression introduced by [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:

{code:java}
case DATABASE:
    if (databaseorUrl == null) {
        databaseorUrl = "*";
}
{code}

This code applies on "show databases" as well which prevents the according RangerPolicyEvaluator
from being returned.


> [Hive Plugin] show databases denied although user has access to some databases
> ------------------------------------------------------------------------------
>
>                 Key: RANGER-2329
>                 URL: https://issues.apache.org/jira/browse/RANGER-2329
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 1.0.0, 1.2.0
>            Reporter: peng bo
>            Priority: Major
>              Labels: patch
>             Fix For: 1.0.0
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> a. assign select permission to user1 for database A with table * and hive Column *
> b. login user1 by beeline 
> c. type 'show databases', error shows 
> Error: Error while compiling statement: FAILED: HiveAccessControlException Permission
denied: user [hadoop] does not have [USE] privilege on [*] (state=42000,code=40000)
> The cause:
> It seems to be a regression introduced by [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:

> {code:java}
> case DATABASE:
>     if (databaseorUrl == null) {
>         databaseorUrl = "*";
>     }
> {code}
> This code applies on "show databases" as well which prevents the according RangerPolicyEvaluator
from being returned.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message