ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-930) Restricting Table names with the "Update" permission for HIVE does not work
Date Mon, 02 May 2016 03:13:12 GMT

    [ https://issues.apache.org/jira/browse/RANGER-930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15266082#comment-15266082
] 

Madhan Neethiraj commented on RANGER-930:
-----------------------------------------

[~coheigea] until we know further details from Hive, I would suggest the following workaround
to unblock you:
 - create a policy on resource={database=*; table=*__tmp__*; column=*}; group=public; permission=select

> Restricting Table names with the "Update" permission for HIVE does not work
> ---------------------------------------------------------------------------
>
>                 Key: RANGER-930
>                 URL: https://issues.apache.org/jira/browse/RANGER-930
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.6.0
>            Reporter: Colm O hEigeartaigh
>            Assignee: Madhan Neethiraj
>            Priority: Blocker
>             Fix For: 0.6.0
>
>
> If I create a Ranger policy for a specific Table with "SELECT" + "UPDATE" permissions,
the user can't actually invoke an "insert" query in HIVE, e.g.:
> H110 Unable to submit statement. Error while compiling statement: FAILED: HiveAccessControlException
Permission denied: user [colm] does not have [SELECT] privilege on [default/values__tmp__table__3/tmp_values_col1,tmp_values_col2]
[ERROR_STATUS]
> It looks like there is an issue with access verification for temporary tables. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message