ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhay Kulkarni (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-2045) Hive table columns with no explicit allow policy are listed with 'desc table' command
Date Sun, 08 Apr 2018 01:55:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16429575#comment-16429575

Abhay Kulkarni commented on RANGER-2045:

Additional commits:





> Hive table columns with no explicit allow policy are listed with 'desc table' command
> -------------------------------------------------------------------------------------
>                 Key: RANGER-2045
>                 URL: https://issues.apache.org/jira/browse/RANGER-2045
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 1.0.0, master
>            Reporter: Anuja Leekha
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: 1.0.0, master
> *Test scenario*
> 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
> Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
> Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1'
and columns='name', 'age' [user does not have permissions on 'city' column].
> "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results
with 'city' column included.
> When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none',
Hive would follow default behavior and should deny DESCRIBE table and show column commands
as the policy does not grant the test user access to all columns of the table. But the commands
go through fine.

This message was sent by Atlassian JIRA

View raw message