Ramesh Mani created RANGER-3464:
-----------------------------------
Summary: Handle if exist and if not exist clause commands
authorization correctly in Ranger Hive authorizer.
Key: RANGER-3464
URL: https://issues.apache.org/jira/browse/RANGER-3464
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 3.0.0, 2.2.0
Reporter: Ramesh Mani
Assignee: Ramesh Mani
Fix For: 3.0.0, 2.2.0
Certain command like CREATE VIEW / CREATE TABLE / CREATE MATERIALISED VIEW/
CREATE FUNCTION / DROP VIEW / DROP MATERIALISED VIEW / DROP DATABASE /
ALTERVIEW AS have IF EXISTS or IF NOT EXISTS clause and if those commands are
run again if table is present or not present depending on the command which is
run result in Authorization failure. This is because hive doesn't send the
input/output objects for those commands when same command is run and if the
objects are not present.
E.g Following sequence of operation will result in authorization failure.
create table a(id int);
insert into a values(1);
create materialized view if not exists av as select * from a;
create materialized view if not exists av as select * from a;
drop materialized view if exists av;
drop materialized view if exists av; # Error: Error while compiling statement:
FAILED: HiveAccessControlException Unable to authorize command: [drop
materialized view if exists av] , HivePrivilegeObjects are not available to
authorize this command! (state=42000,code=40000)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
