Wei Zheng created HIVE-16028:
--------------------------------
Summary: Fail UPDATE/DELETE/MERGE queries when Ranger
authorization manager is used
Key: HIVE-16028
URL: https://issues.apache.org/jira/browse/HIVE-16028
Project: Hive
Issue Type: Bug
Components: Authorization
Affects Versions: 2.2.0
Reporter: Wei Zheng
Assignee: Wei Zheng
This is a followup of HIVE-15891. In that jira an error-out logic was added,
but the assumption that we need to do row filtering/column masking for entries
in a non-empty list of tables returned by applyRowFilterAndColumnMasking is
wrong, because on Ranger side,
RangerHiveAuthorizer#applyRowFilterAndColumnMasking will unconditionally return
a list of tables no matter whether row filtering/column masking is applicable
on the tables.
The fix for Hive for now will be to move the error-out logic after we figure
out there's no replacement text for the query. But ideally we should consider
modifying Ranger logic to only return tables that need to be masked.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
