ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhay Kulkarni (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-2045) Hive table columns with no explicit allow policy are listed with 'desc table' command
Date Sun, 08 Apr 2018 01:55:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16429575#comment-16429575
] 

Abhay Kulkarni commented on RANGER-2045:
----------------------------------------

Additional commits:

ranger-1.0:

https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=889999a1ffbc230fa9204d2e8a0464bfcf024180

master:

https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=fe854a061e0948f27437fb5d9e6f24f0cac0f372

> Hive table columns with no explicit allow policy are listed with 'desc table' command
> -------------------------------------------------------------------------------------
>
>                 Key: RANGER-2045
>                 URL: https://issues.apache.org/jira/browse/RANGER-2045
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 1.0.0, master
>            Reporter: Anuja Leekha
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: 1.0.0, master
>
>
> *Test scenario*
> 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
> Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
> Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1'
and columns='name', 'age' [user does not have permissions on 'city' column].
> "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results
with 'city' column included.
> When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none',
Hive would follow default behavior and should deny DESCRIBE table and show column commands
as the policy does not grant the test user access to all columns of the table. But the commands
go through fine.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message