[
https://issues.apache.org/jira/browse/RANGER-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jiayi Liu updated RANGER-2893:
------------------------------
Attachment: 0002-RANGER-2893.patch
> show grant on database xxx will fail in ranger hive plugin
> ----------------------------------------------------------
>
> Key: RANGER-2893
> URL: https://issues.apache.org/jira/browse/RANGER-2893
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.0.0
> Reporter: Jiayi Liu
> Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2893.patch, 0002-RANGER-2893.patch
>
>
> When we enable Ranger Hive plugin, show grant at the database level will
> fail, and throw the exception "RangerHiveAuthorizer.showPrivileges() only
> supports SHOW PRIVILEGES for Hive resources and not user level". Although we
> are not showing grants at the user level, but at the database level.
> For example,
> {code:sql}
> show grant on database default;
> {code}
> and the exception,
> {code:java}
> ERROR : FAILED: Execution Error, return code 1 from
> org.apache.hadoop.hive.ql.exec.DDLTask. RangerHiveAuthorizer.showPrivileges()
> error: RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES
> for Hive resources and not user level
> {code}
> The reason is that the parameter privObj.objectName passed to
> RangerHiveAuthorizer.showPrivileges is null when show grant at the datatabase
> level, and the exception "RangerHiveAuthorizer.showPrivileges() only supports
> SHOW PRIVILEGES for Hive resources and not user level" will be thrown when
> objectName is null. The function is normal when the type of privObj is TABLE,
> because the dbName is the db name and the objectName is the table name.
> We should check whether the dbName is null instead of check the objectName.
> We alse need to fix the objectName to "*" when it is null to represent all
> tables in the db in HivePrivilegeInfo.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
