[
https://issues.apache.org/jira/browse/RANGER-4036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755054#comment-17755054
]
Velmurugan Periasamy commented on RANGER-4036:
----------------------------------------------
CC [~rmani] / [~mehul]
> Hive Policy is not hounered for Drop non-existing database and non-existing
> table via unauthorized user
> --------------------------------------------------------------------------------------------------------
>
> Key: RANGER-4036
> URL: https://issues.apache.org/jira/browse/RANGER-4036
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.3.0
> Reporter: Anupam Rai
> Priority: Major
>
> Behaviour of Drop non-existing database and non-existing table for
> unauthorized user is not proper.
> Steps to reproduce :
> 1. Create a policy for User1 having only select acess of database : test1 ,
> Table : testtable2, Column : *
> 2. Run below command on non-existing database
> {code:java}
> DROP DATABASE IF EXISTS xyzwer; {code}
> 3. Result
> {code:java}
> INFO : Compiling command(queryId=hive_*******): DROP DATABASE IF EXISTS
> xyzwer
> DEBUG : Encoding valid txns info 167872:********::167871 txnid:167872
> INFO : Semantic Analysis Completed (retrial = false)
> INFO : Created Hive schema: Schema(fieldSchemas:null, properties:null)
> INFO : Completed compiling command(queryId=***-9890-4f78-8d7d-9c75fb7c636d);
> Time taken: 0.16 seconds
> INFO : Executing
> command(queryId=hive_20230105061438_e176728f-9890-4f78-8d7d-9c75fb7c636d):
> DROP DATABASE IF EXISTS xyzwer
> INFO : Completed executing command(queryId=***-9890-****); Time taken: 0.009
> seconds
> INFO : OK
> DEBUG : Shutting down query DROP DATABASE IF EXISTS xyzwer
> No rows affected (0.247 seconds)
> 0: jdbc:hive2://quasar-******-1.****{code}
> 4. Run below command for non-existing table
> {code:java}
> DROP TABLE IF EXISTS cccc.dddd {code}
> 5. Result
> {code:java}
> INFO : Semantic Analysis Completed (retrial = false)
> INFO : Created Hive schema: Schema(fieldSchemas:null, properties:null)
> INFO : Completed compiling
> command(queryId=****-aeed-4e60-83a1-2cc3d875c164); Time taken: 0.939 seconds
> INFO : Executing command(queryId=***-aeed-4e60-83a1-2cc3d875c164): DROP
> TABLE IF EXISTS cccc.dddd
> INFO : Starting task [Stage-0:DDL] in serial mode
> DEBUG : Task getting executed using mapred tag :
> hive_20230105064408_d4b3da87-aeed-4e60-83a1-2cc3d875c164,userid=***
> INFO : Completed executing command(queryId=hive_****); Time taken: 0.049
> seconds
> INFO : OK
> DEBUG : Shutting down query DROP {code}
> Actual : Result shows non-existing Table & database commands are getting
> executed for unauthorised user
> Expected : Like behaviour in should be like result :
> {code:java}
> 0: jdbc:hive://****l> DROP DATABASE IF EXISTS xyzwer;
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [user] does not have [DROP] privilege on [xyzwer]
> (state=42000,code=40000) {code}
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
