Abhishek created RANGER-4796:
--------------------------------
Summary: Create function and Drop function commands are not
supported when Ranger plugin is enabled
Key: RANGER-4796
URL: https://issues.apache.org/jira/browse/RANGER-4796
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhishek
Assignee: Pradeep Agrawal
In Trino, Hive connector supports Create function and Drop function commands.
But when the ranger trino plugin is enabled, the Create function and Drop
function commands are not supported (they are supported when ranger plugin is
disabled), and the following error message is displayed in the output.
{code:java|bgColor=#f4f5f7}
trino> drop function hive.default.meaning_of_life();
Query 20240415_185213_00001_64nwa failed: Access Denied: Cannot drop function
hive.default.meaning_of_life {code}
This is because in the policy for allowing access to functions, only two access
types are present, Grant and execute.
If the function is created when Ranger plugin is disabled, and then the user
executes the function, the function execution is authorised by ranger plugin as
the policy contains an "Execute" access type.
In order to support the Create and drop function commands in Ranger Trino
plugin, the policy definition for the resource type "Function" must be enhanced
to include "Create" and "Drop" access types
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
