[ https://issues.apache.org/jira/browse/HIVE-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977468#comment-13977468 ]

Thejas M Nair commented on HIVE-6957:
-------------------------------------

The error looks like this:
{code}
java.sql.SQLException: Error while compiling statement: FAILED: 
HiveAccessControlException Permission denied. Principal 
[name=us...@example.com, type=USER] does not have following privileges on 
Object [type=TABLE_OR_VIEW, name=default.test_jdbc_sql_auth2] : [SELECT]
{code}

> SQL authorization does not work with HS2 binary mode and Kerberos auth
> ----------------------------------------------------------------------
>
>                 Key: HIVE-6957
>                 URL: https://issues.apache.org/jira/browse/HIVE-6957
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, HiveServer2
>    Affects Versions: 0.13.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>         Attachments: HIVE-6957.1.patch
>
>
> In HiveServer2, when Kerberos auth and binary transport modes are used, the 
> user name that gets passed on to authorization is the long Kerberos username.
> The usernames that are used in grant/revoke statements tend to be the short 
> usernames.
> This also fails in authorizing statements that involve a URI, as the 
> authorization mode checks the file system permissions for the given user. It does 
> not recognize that the given long username actually owns the file or belongs 
> to the group that owns the file.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
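
The mismatch described in the issue, as an added example (not code from Hive or from HIVE-6957.1.patch): grants are keyed by short user names, so a lookup with the long Kerberos principal is denied until the name is normalised. The class name, the grant table, the sample principals and the simplified mapping in `toShortName` are assumptions made for the illustration.

```java
import java.util.Map;
import java.util.Set;

public class ShortNameAuthzDemo {
    // Constructed grant table: object -> (principal -> privileges).
    // Keyed by short names, as GRANT statements usually are.
    static final Map<String, Map<String, Set<String>>> GRANTS =
        Map.of("default.test_jdbc_sql_auth2", Map.of("alice", Set.of("SELECT")));

    /**
     * Simplified mapping (assumption): drop "@REALM" and any "/instance" part.
     * A deployment should apply its configured principal-to-local-name rules
     * instead; stripping the realm blindly makes users from different trusted
     * realms collide on the same short name.
     */
    static String toShortName(String principal) {
        if (principal == null || principal.isEmpty()) {
            throw new IllegalArgumentException("empty principal");
        }
        int at = principal.indexOf('@');
        String noRealm = at >= 0 ? principal.substring(0, at) : principal;
        int slash = noRealm.indexOf('/');
        String shortName = slash >= 0 ? noRealm.substring(0, slash) : noRealm;
        if (shortName.isEmpty()) {
            throw new IllegalArgumentException("no primary component: " + principal);
        }
        return shortName;
    }

    // Exact-match lookup: the name must match the grant key character for character.
    static boolean isAuthorized(String user, String object, String privilege) {
        return GRANTS.getOrDefault(object, Map.of())
                     .getOrDefault(user, Set.of())
                     .contains(privilege);
    }

    public static void main(String[] args) {
        String table = "default.test_jdbc_sql_auth2";
        String[] principals = {                     // constructed sample principals
            "alice@EXAMPLE.COM", "alice/gateway.example.com@EXAMPLE.COM", "bob@EXAMPLE.COM"
        };
        for (String p : principals) {
            boolean raw = isAuthorized(p, table, "SELECT");               // long name as passed in
            boolean norm = isAuthorized(toShortName(p), table, "SELECT"); // after normalisation
            System.out.printf("%-40s raw=%-5b normalized=%b%n", p, raw, norm);
        }
    }
}
```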
