[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Owen O'Malley updated HIVE-2817:
--------------------------------
Fix Version/s: (was: 0.11.0)
> Drop any table even without privilege
> -------------------------------------
>
> Key: HIVE-2817
> URL: https://issues.apache.org/jira/browse/HIVE-2817
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.7.1, 0.8.0, 0.9.0, 0.10.0
> Reporter: Benyi Wang
> Assignee: Chen Chun
> Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch
>
>
> You can drop any table if you use fully qualified name 'database.table' even
> you don't have any previlige.
> {code}
> hive> set hive.security.authorization.enabled=true;
> hive> revoke all on default from user test_user;
> hive> drop table abc;
> hive> drop table abc;
> Authorization failed:No privilege 'Drop' found for outputs {
> database:default, table:abc}. Use show grant to get more details.
> hive> drop table default.abc;
> OK
> Time taken: 0.13 seconds
> {code}
> The table and the file in {{/usr/hive/warehouse}} or external file will be
> deleted. If you don't have hadoop access permission on
> {{/usr/hive/warehouse}} or external files, you will see a hadoop access error
> {code}
> 12/02/23 15:35:35 ERROR hive.log:
> org.apache.hadoop.security.AccessControlException:
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=test_user, access=WRITE, inode="/user/myetl":myetl:etl:drwxr-xr-x
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
