[ 
https://issues.apache.org/jira/browse/RANGER-5097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913571#comment-17913571
 ] 

Raghav Aggarwal commented on RANGER-5097:
-----------------------------------------

The summary of issue based on my analysis in hive is, ranger is doing 
getTable/getDatabase call during create table/database before the metadata is 
committed in backend DB i.e MySql

After running with the patch, I found that the create table is getting fixed 
but create database is still failing as {_}owner is coming as null{_}. 
Attaching the intelliJ debugging screenshot in attachment.  Let me know if I am 
missing something or a change in required in hive side to add owner info in 
HivePrivilegeObject during create database or any other way to handle it in 
ranger.

CC [~bpatel] 

> Fix setOwnerUser function to ensure the Hive default {owner} policy works 
> correctly
> -----------------------------------------------------------------------------------
>
>                 Key: RANGER-5097
>                 URL: https://issues.apache.org/jira/browse/RANGER-5097
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mahesh Bandal
>            Assignee: Mahesh Bandal
>            Priority: Major
>         Attachments: DB_owner_as_null.png, TBL_owner_as_hive.png, 
> create_db_HS2_stacktrace.txt, create_table_HS2_stacktrace.txt
>
>
> Create a Hive Table as spark user from beeline and then try accessing the 
> same table from spark3-shell. The select query on Hive Table fails.
> {noformat}
> create table spark_table_123 (name string);
> select * from spark_table_123
> {noformat}
> The below error is observed in spark3-shell
> {noformat}
> org.apache.spark.sql.AnalysisException: 
> org.apache.hadoop.hive.ql.metadata.HiveException: Unable to fetch table 
> spark_table_123. Permission denied: user [spark] does not have [SELECT] 
> privilege on [default/spark_table_123]
> {noformat}
> Expectation:
> The Hive default policy for "Owner" user allowing "all" Access on all Hive 
> Database, table & column should allow the access.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to