[
https://issues.apache.org/jira/browse/RANGER-3464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3464:
--------------------------------
Summary: Handle if exists and if not exists clause commands authorization
correctly in Ranger Hive authorizer. (was: Handle if exist and if not exist
clause commands authorization correctly in Ranger Hive authorizer.)
> Handle if exists and if not exists clause commands authorization correctly in
> Ranger Hive authorizer.
> -----------------------------------------------------------------------------------------------------
>
> Key: RANGER-3464
> URL: https://issues.apache.org/jira/browse/RANGER-3464
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0, 2.2.0
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
>
> Certain command like CREATE VIEW / CREATE TABLE / CREATE MATERIALISED VIEW/
> CREATE FUNCTION / DROP VIEW / DROP MATERIALISED VIEW / DROP DATABASE /
> ALTERVIEW AS have IF EXISTS or IF NOT EXISTS clause and if those commands are
> run again if table is present or not present depending on the command which
> is run result in Authorization failure. This is because hive doesn't send the
> input/output objects for those commands when same command is run again and if
> the objects are not present.
> E.g Following sequence of operation will result in authorization failure.
> create table a(id int);
> insert into a values(1);
> create materialized view if not exists av as select * from a;
> create materialized view if not exists av as select * from a;
> drop materialized view if exists av;
> drop materialized view if exists av; # Error: Error while compiling
> statement: FAILED: HiveAccessControlException Unable to authorize command:
> [drop materialized view if exists av] , HivePrivilegeObjects are not
> available to authorize this command! (state=42000,code=40000)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
