[ https://issues.apache.org/jira/browse/RANGER-2763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal updated RANGER-2763:
------------------------------------
Attachment: (was: 0001-RANGER-2763-Hive-SET-Role-command-in-Ranger-hive-plu.patch)
> Hive SET Role command in Ranger hive plugin
> -------------------------------------------
>
> Key: RANGER-2763
> URL: https://issues.apache.org/jira/browse/RANGER-2763
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Pradeep Agrawal
> Assignee: Pradeep Agrawal
> Priority: Major
>
> [https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-UsersandRoles]
> In the above-mentioned link there is a "SET Role" command which does not seem
> to be implemented yet in the Ranger Hive plugin
> [https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L104]
>
> If the Ranger Hive plugin is enabled, then execution of "set role" throws a
> method-not-implemented exception, probably due to:
> [https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java#L155]
>
> Expected behavior after the patch:
> Without Ranger ACL use case:
> 1) Create two roles, let's say role1 and role2.
> 2) Create one table, table1, and insert a record.
> 3) Grant select on table1 to role1 and insert on table1 to role2.
> 4) Create user testuser1 and give both role1 and role2 to user testuser1.
> 5) Log in as user testuser1 and set the role to role1 by using the set role
> command.
> 6) Execute a SQL statement to select the records: since role1 has the
> select grant, the user will be able to view the records.
> 7) Execute an insert statement to add a record: since role1 does not have
> insert privileges and the user has set the current role to only role1, he
> would not be able to insert the records.
> 8) Now run the set role command and set the role to role2.
> 9) Execute an insert statement to add a record: since role2 has insert
> privileges and the user has set the current role to only role2, he would be
> able to insert the records.
> 10) Execute a SQL statement to select the records: since role2 does not have
> select permissions, the user will not be able to view the records.
> 11) Log out and log in again as the same user and execute the show current
> role command; both roles should be displayed.
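The expected-behavior steps quoted above, written out as a HiveQL session (an added example, not part of the issue or its patch). The column names and inserted values are constructed, testuser1 is assumed to already exist in the authentication backend Hive uses, and the setup statements are assumed to run as a member of the admin role.

```sql
-- Setup session: run by a user who belongs to the admin role (assumption).
SET ROLE admin;

CREATE ROLE role1;                                -- step 1
CREATE ROLE role2;

CREATE TABLE table1 (id INT, name STRING);        -- step 2 (columns are constructed)
INSERT INTO table1 VALUES (1, 'first');

GRANT SELECT ON TABLE table1 TO ROLE role1;       -- step 3
GRANT INSERT ON TABLE table1 TO ROLE role2;

GRANT role1, role2 TO USER testuser1;             -- step 4 (user assumed to exist)

-- Session 1 as testuser1.
SET ROLE role1;                                   -- step 5
SHOW CURRENT ROLES;                               -- confirm only role1 is active

SELECT * FROM table1;                             -- step 6: the issue expects this to be allowed
INSERT INTO table1 VALUES (2, 'second');          -- step 7: the issue expects this to be denied

SET ROLE role2;                                   -- step 8
INSERT INTO table1 VALUES (3, 'third');           -- step 9: the issue expects this to be allowed
SELECT * FROM table1;                             -- step 10: the issue expects this to be denied

-- Session 2 as testuser1 (after logging out and back in).
SHOW CURRENT ROLES;                               -- step 11: the issue expects role1 and role2
```

Steps 7 and 10 are the authorization checks worth keeping as regression tests: if the plugin ignored the current role and evaluated all granted roles, both statements would succeed.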