This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 6142cd810 RANGER-4001:Wrong permission check for Hive 'Alter View as'
command in Ranger HiveAuthorizer
6142cd810 is described below
commit 6142cd810cc5a3cc18aaf5163fd20adac1ec8658
Author: Ramesh Mani <[email protected]>
AuthorDate: Tue Dec 6 17:04:17 2022 -0800
RANGER-4001:Wrong permission check for Hive 'Alter View as' command in
Ranger HiveAuthorizer
---
.../authorization/hive/authorizer/RangerHiveAuthorizer.java | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 8f6801be1..b8d2685d2 100644
---
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1722,7 +1722,13 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
accessType = isInput ?
HiveAccessType.SELECT : HiveAccessType.CREATE;
}
break;
-
+ case ALTERVIEW_AS:
+ if (hiveObj.getType() ==
HivePrivilegeObjectType.TABLE_OR_VIEW) {
+ accessType = isInput ?
HiveAccessType.SELECT : HiveAccessType.ALTER;
+ } else if (hiveObj.getType() ==
HivePrivilegeObjectType.DATABASE) {
+ accessType =
HiveAccessType.SELECT;
+ }
+ break;
case ALTERDATABASE:
case ALTERDATABASE_LOCATION:
case ALTERDATABASE_OWNER:
@@ -1763,7 +1769,6 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
case ALTERTABLE_UPDATETABLESTATS:
case ALTERTABLE_UPDATECOLUMNS:
case ALTERTBLPART_SKEWED_LOCATION:
- case ALTERVIEW_AS:
case ALTERVIEW_PROPERTIES:
case ALTERVIEW_RENAME:
case ALTER_MATERIALIZED_VIEW_REWRITE:
