----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66324/#review200082 -----------------------------------------------------------
Ship it! Ship It! - Qiang Zhang On March 28, 2018, 1:12 a.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66324/ > ----------------------------------------------------------- > > (Updated March 28, 2018, 1:12 a.m.) > > > Review request for ranger, Madhan Neethiraj and Ramesh Mani. > > > Bugs: RANGER-2045 > https://issues.apache.org/jira/browse/RANGER-2045 > > > Repository: ranger > > > Description > ------- > > Test scenario > 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none' > Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', > 'city'. > Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', > table='testtable1' and columns='name', 'age' [user does not have permissions > on 'city' column]. > > "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands > show results with 'city' column included. > > When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to > 'none', Hive would follow default behavior and should deny DESCRIBE table and > show column commands as the policy does not grant the test user access to all > columns of the table. But the commands go through fine. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 55938b128 > > > Diff: https://reviews.apache.org/r/66324/diff/1/ > > > Testing > ------- > > Tested with local VM > > > Thanks, > > Abhay Kulkarni > >
