[
https://issues.apache.org/jira/browse/RANGER-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17194297#comment-17194297
]
Velmurugan Periasamy commented on RANGER-2943:
----------------------------------------------
I don't think you can enforce both SQLStdHiveAuthorizerFactory and
RangerHiveAuthorizerFactory. It is one or the other.
> After enabling Ranger for Hive, the rules in hive-metastore are not enforced
> anymore
> ------------------------------------------------------------------------------------
>
> Key: RANGER-2943
> URL: https://issues.apache.org/jira/browse/RANGER-2943
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Jie Zhang
> Priority: Major
>
> h2. Before enabling Ranger on Hive: hive.security.authorization.manager =
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
> user jiezhang does not have access to table default.dim_customer_pii, so I
> got access denied when I ran this query, this is expected.
> {code:java}
> select * from default.dim_customer_pii limit 5;
> {code}
> h2. After enabling Ranger on Hive: hive.security.authorization.manager =
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
> When I ran the query above, I got the actual results, this is NOT expected.
> h2. In summary:
> After enabling Ranger on Hive, the rules with SQLStdHiveAuthorizerFactory are
> not enforced anymore. Is this by design? How can we enforce both
> SQLStdHiveAuthorizerFactory and RangerHiveAuthorizerFactory? Thanks for your
> help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
