[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashutosh Chauhan updated HIVE-2817:
-----------------------------------
Resolution: Fixed
Fix Version/s: 0.13.0
Status: Resolved (was: Patch Available)
Fixed via HIVE-2818 Feel free to reopen if you can still repro.
> Drop any table even without privilege
> -------------------------------------
>
> Key: HIVE-2817
> URL: https://issues.apache.org/jira/browse/HIVE-2817
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.7.1, 0.8.0, 0.9.0, 0.10.0
> Reporter: Benyi Wang
> Assignee: Chun Chen
> Fix For: 0.13.0
>
> Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch
>
>
> You can drop any table if you use fully qualified name 'database.table' even
> you don't have any previlige.
> {code}
> hive> set hive.security.authorization.enabled=true;
> hive> revoke all on default from user test_user;
> hive> drop table abc;
> hive> drop table abc;
> Authorization failed:No privilege 'Drop' found for outputs {
> database:default, table:abc}. Use show grant to get more details.
> hive> drop table default.abc;
> OK
> Time taken: 0.13 seconds
> {code}
> The table and the file in {{/usr/hive/warehouse}} or external file will be
> deleted. If you don't have hadoop access permission on
> {{/usr/hive/warehouse}} or external files, you will see a hadoop access error
> {code}
> 12/02/23 15:35:35 ERROR hive.log:
> org.apache.hadoop.security.AccessControlException:
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=test_user, access=WRITE, inode="/user/myetl":myetl:etl:drwxr-xr-x
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
