[
https://issues.apache.org/jira/browse/RANGER-4994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Raghav Aggarwal updated RANGER-4994:
------------------------------------
Attachment: no_error_case.sql
expected_case.sql
> Alter MV rebuild should fail for unauthorized user irrespective of MV state
> ---------------------------------------------------------------------------
>
> Key: RANGER-4994
> URL: https://issues.apache.org/jira/browse/RANGER-4994
> Project: Ranger
> Issue Type: Bug
> Components: plugins, Ranger
> Reporter: Raghav Aggarwal
> Priority: Major
> Attachments: expected_case.sql, no_error_case.sql
>
>
> Attaching the steps to reproduce issue as attachments.
> {_}NOTE{_}: MV is created via hive user and rebuilding it via other user
> (raghav user).
>
> When Materialized View (MV) is outdated and unauthorized user triggers the
> ALTER query to rebuild it, it is failing as it also requries access to base
> tables.
> {code:java}
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [raghav] does not have [ALTER] privilege on
> [raghav/emps/deptno,empid,hire_date]{code}
>
> But when MV is not outdated, then running alter query will not do anything
> i.e it will not use any base table and the query passes and doesn't throw any
> auth exception. *But ideally it should throw exception*
> But running a SELECT on same MV from unauthorized user fails throwing error
> (expected behaviour):
> {code:java}
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied [raghav] does not have [SELECT] privilege on
> [raghav/mv_recently_hired/*] {code}
>
> My understanding is that the behaviour should remain same irrespective of the
> state of the MV for ALTER query. _Thoughts on this?_
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
