[ https://issues.apache.org/jira/browse/RANGER-5097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913571#comment-17913571 ]
Raghav Aggarwal commented on RANGER-5097: ----------------------------------------- The summary of issue based on my analysis in hive is, ranger is doing getTable/getDatabase call during create table/database before the metadata is committed in backend DB i.e MySql After running with the patch, I found that the create table is getting fixed but create database is still failing as {_}owner is coming as null{_}. Attaching the intelliJ debugging screenshot in attachment. Let me know if I am missing something or a change in required in hive side to add owner info in HivePrivilegeObject during create database or any other way to handle it in ranger. CC [~bpatel] > Fix setOwnerUser function to ensure the Hive default {owner} policy works > correctly > ----------------------------------------------------------------------------------- > > Key: RANGER-5097 > URL: https://issues.apache.org/jira/browse/RANGER-5097 > Project: Ranger > Issue Type: Bug > Components: Ranger > Affects Versions: 3.0.0 > Reporter: Mahesh Bandal > Assignee: Mahesh Bandal > Priority: Major > Attachments: DB_owner_as_null.png, TBL_owner_as_hive.png, > create_db_HS2_stacktrace.txt, create_table_HS2_stacktrace.txt > > > Create a Hive Table as spark user from beeline and then try accessing the > same table from spark3-shell. The select query on Hive Table fails. > {noformat} > create table spark_table_123 (name string); > select * from spark_table_123 > {noformat} > The below error is observed in spark3-shell > {noformat} > org.apache.spark.sql.AnalysisException: > org.apache.hadoop.hive.ql.metadata.HiveException: Unable to fetch table > spark_table_123. Permission denied: user [spark] does not have [SELECT] > privilege on [default/spark_table_123] > {noformat} > Expectation: > The Hive default policy for "Owner" user allowing "all" Access on all Hive > Database, table & column should allow the access. -- This message was sent by Atlassian Jira (v8.20.10#820010)