ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deepak Sharma (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-774) security issue with ranger hive authorization with export
Date Tue, 08 Dec 2015 08:24:11 GMT

     [ https://issues.apache.org/jira/browse/RANGER-774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Deepak Sharma updated RANGER-774:
---------------------------------
    Description: 
Export command in hive is violating security condition in following scenario:
#EXPORT command if SELECT permission is not there (partitioned table)1. create a partitioned
table with only select permission (hive ranger policy) for user1
2. create a hdfs dir ( should be accessible to user1 - rwx) 
3. check there should be no ranger policy (hdfs) for user1
4. try to export export a partition to this hdfs dir using user1 and check the result
#EXPORT a sepecific partition command if SELECT permission is not there (partitioned table)
1. create a partitioned table with no permission (no hive ranger policy) for user1
2. create a hdfs dir ( should be accessible to user1 - rwx) 
3. check there should be no ranger policy (hdfs) for user1
4. try to export a partition to this hdfs dir using user1 and check the result

  was:
Details
Type: Bug
Status:OPEN  (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s:
Dal-M20
Fix Version/s:
Dal-M20
Component/s:
Ranger
Labels:
Ranger system_Test
OS:
All
DB:
MySQL 5.6
Security:
Secure
Wire Encryption:
Off
Tez : Off
Ranger:
On
Description
Export command in hive is violating security condition in following scenario:
#EXPORT command if SELECT permission is not there (partitioned table)1. create a partitioned
table with only select permission (hive ranger policy) for user1
2. create a hdfs dir ( should be accessible to user1 - rwx) 
3. check there should be no ranger policy (hdfs) for user1
4. try to export export a partition to this hdfs dir using user1 and check the result
#EXPORT a sepecific partition command if SELECT permission is not there (partitioned table)
1. create a partitioned table with no permission (no hive ranger policy) for user1
2. create a hdfs dir ( should be accessible to user1 - rwx) 
3. check there should be no ranger policy (hdfs) for user1
4. try to export a partition to this hdfs dir using user1 and check the result


> security issue with ranger hive authorization with export
> ---------------------------------------------------------
>
>                 Key: RANGER-774
>                 URL: https://issues.apache.org/jira/browse/RANGER-774
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 0.5.0
>            Reporter: Deepak Sharma
>            Assignee: Alok Lal
>            Priority: Critical
>              Labels: ranger
>             Fix For: 0.5.0
>
>
> Export command in hive is violating security condition in following scenario:
> #EXPORT command if SELECT permission is not there (partitioned table)1. create a partitioned
table with only select permission (hive ranger policy) for user1
> 2. create a hdfs dir ( should be accessible to user1 - rwx) 
> 3. check there should be no ranger policy (hdfs) for user1
> 4. try to export export a partition to this hdfs dir using user1 and check the result
> #EXPORT a sepecific partition command if SELECT permission is not there (partitioned
table)
> 1. create a partitioned table with no permission (no hive ranger policy) for user1
> 2. create a hdfs dir ( should be accessible to user1 - rwx) 
> 3. check there should be no ranger policy (hdfs) for user1
> 4. try to export a partition to this hdfs dir using user1 and check the result



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message