[
https://issues.apache.org/jira/browse/RANGER-4713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17833137#comment-17833137
]
Mahesh Hanumant Bandal commented on RANGER-4713:
------------------------------------------------
[~suja] - This behaviour was added in RANGER-4001.
Removing check for [select] access on database during 'ALTERVIEW_AS' operation
may lead to security issues. This is working as expected.
Also for the 'CREATEVIEW' operation, adding check for [select] access on
database will cause change in behaviour.
Resolving this JIRA.
> Alter view needs additional select permission on db which is not required for
> create view
> -----------------------------------------------------------------------------------------
>
> Key: RANGER-4713
> URL: https://issues.apache.org/jira/browse/RANGER-4713
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: suja s
> Assignee: Mahesh Hanumant Bandal
> Priority: Major
>
> STEPS TO REPRODUCE:
> Create db dbfortest
> Create table tablefortest under dbfortest (create table
> dbfortest.tablefortest(id int, name1 string, name2 string))
> Insert rows into dbfortest.tablefortest
> User u1 has select access on tablefortest via ranger policy[db=dbfortest,
> table=tablefortest, column=*] - policy P1
> User u1 has create and alter permissions via ranger policy [db=dbfortest,
> table=viewfortest, column=*] - policy P2
> Connect to beeline as user u1 and execute command 'create view
> dbfortest.viewfortest as select id,name1 from dbfortest.tablefortest'
> View creation is successful, Ranger access audits show that policy P1 granted
> select on tablefortest and policy P2 granted create on viewfortest
> Execute command 'alter view dbfortest.viewfortest as select id,name2 from
> dbfortest.tablefortest'.
> CURRENT BEHAVIOUR:
> Alter view command fails with access denied error for user not having select
> permissions on database dbfortest
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
