[jira] [Created] (RANGER-4036) Hive Policy is not hounered for Drop non-existing database and non-existing table via unauthorized user

Thu, 05 Jan 2023 01:27:05 -0800 

Anupam Rai created RANGER-4036:
----------------------------------

             Summary:  Hive Policy is not hounered for Drop non-existing 
database and non-existing table via unauthorized user
                 Key: RANGER-4036
                 URL: https://issues.apache.org/jira/browse/RANGER-4036
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 2.3.0
            Reporter: Anupam Rai


Behaviour of Drop non-existing database and non-existing table for unauthorized 
user is not  proper. 

Steps to reproduce :
1. Create a policy for User1 having only select acess of database : test1 , 
Table : testtable2, Column : *
2. Run below command on non-existing database
{code:java}
DROP DATABASE IF EXISTS xyzwer; {code}
3. Result 
{code:java}
INFO  : Compiling command(queryId=hive_*******): DROP DATABASE IF EXISTS xyzwer
DEBUG : Encoding valid txns info 167872:********::167871 txnid:167872
INFO  : Semantic Analysis Completed (retrial = false)
INFO  : Created Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=***-9890-4f78-8d7d-9c75fb7c636d); 
Time taken: 0.16 seconds
INFO  : Executing 
command(queryId=hive_20230105061438_e176728f-9890-4f78-8d7d-9c75fb7c636d): DROP 
DATABASE IF EXISTS xyzwer
INFO  : Completed executing command(queryId=***-9890-****); Time taken: 0.009 
seconds
INFO  : OK
DEBUG : Shutting down query DROP DATABASE IF EXISTS xyzwer
No rows affected (0.247 seconds)
0: jdbc:hive2://quasar-******-1.****{code}
4. Run below command for non-existing table 
{code:java}
DROP TABLE IF EXISTS cccc.dddd {code}
5. Result 
{code:java}
INFO  : Semantic Analysis Completed (retrial = false)
INFO  : Created Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=****-aeed-4e60-83a1-2cc3d875c164); 
Time taken: 0.939 seconds
INFO  : Executing command(queryId=***-aeed-4e60-83a1-2cc3d875c164): DROP TABLE 
IF EXISTS cccc.dddd
INFO  : Starting task [Stage-0:DDL] in serial mode
DEBUG : Task getting executed using mapred tag : 
hive_20230105064408_d4b3da87-aeed-4e60-83a1-2cc3d875c164,userid=***
INFO  : Completed executing command(queryId=hive_****); Time taken: 0.049 
seconds
INFO  : OK
DEBUG : Shutting down query DROP  {code}
Actual : Result shows non-existing Table & database commands are getting 
executed for unauthorised user 

Expected : Like behaviour in should be like result : 
{code:java}
0: jdbc:hive://****l> DROP DATABASE IF EXISTS xyzwer;
Error: Error while compiling statement: FAILED: HiveAccessControlException 
Permission denied: user [user] does not have [DROP] privilege on [xyzwer] 
(state=42000,code=40000) {code}
Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to