ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Agrawal (Jira)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-2858) 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies
Date Fri, 10 Jul 2020 05:35:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17155145#comment-17155145
] 

Pradeep Agrawal commented on RANGER-2858:
-----------------------------------------

Patch 2([https://reviews.apache.org/r/72659/]) committed to master : 

[https://github.com/apache/ranger/commit/708085410ff2bbbde5f9343c31cd0a1b45f5efa8]

> 'show databases' gives permission denied error, even though the user has permissions
on a few of the databases in security zone policies
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2858
>                 URL: https://issues.apache.org/jira/browse/RANGER-2858
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.0.0
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: 2.1.0
>
>
> When user has permissions on a few of the databases in security zone policies, "show
databases" command is expected to list databases on which the user has some permission in
any security zone(s). However, the command fails with the following message.
> ============
>  FAILED: HiveAccessControlException Permission denied: user [behemoth] does not have [USE] privilege
on [Unknown resource!!]
>  org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException:
Permission denied: user [behemoth] does not have [USE] privilege on [Unknown resource!!]
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:487)
> ============
> Furthermore, command "use <database>" where <database> is name of the database
where user has some access in any security zone, succeeds.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message