[jira] [Commented] (RANGER-5097) Fix setOwnerUser function to ensure the Hive default {owner} policy works correctly

Mon, 20 Jan 2025 08:08:06 -0800 


    [ 
https://issues.apache.org/jira/browse/RANGER-5097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17914723#comment-17914723
 ] 

Raghav Aggarwal commented on RANGER-5097:
-----------------------------------------

[~maheshbandal] , thanks for the update. Unfortunatley, I am still seeing the 
error on *create database* query in hive with the updated patch also. In 
beeline when I run create database query as hive user, I am still seeing the 
ERROR stacktrace in {*}hiveserver2 logs{*}, as owner is coming as null.

I am suspecting that the hivePrivilegeObject which is coming from hive is not 
setting the owner which results in triggering getDatabase call from ranger. I 
have raised a Jira in Hive project as well HIVE-28716 (here i have attached 
hive side screenshots), becausing in create table on "hive" side I can see the 
owner information is passed to ranger and it is working now with ranger fix.

Please let me know if I am missing something.

> Fix setOwnerUser function to ensure the Hive default {owner} policy works 
> correctly
> -----------------------------------------------------------------------------------
>
>                 Key: RANGER-5097
>                 URL: https://issues.apache.org/jira/browse/RANGER-5097
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mahesh Bandal
>            Assignee: Mahesh Bandal
>            Priority: Major
>         Attachments: DB_owner_as_null.png, TBL_owner_as_hive.png, 
> create_db_HS2_stacktrace.txt, create_table_HS2_stacktrace.txt
>
>
> Create a Hive Table as spark user from beeline and then try accessing the 
> same table from spark3-shell. The select query on Hive Table fails.
> {noformat}
> create table spark_table_123 (name string);
> select * from spark_table_123
> {noformat}
> The below error is observed in spark3-shell
> {noformat}
> org.apache.spark.sql.AnalysisException: 
> org.apache.hadoop.hive.ql.metadata.HiveException: Unable to fetch table 
> spark_table_123. Permission denied: user [spark] does not have [SELECT] 
> privilege on [default/spark_table_123]
> {noformat}
> Expectation:
> The Hive default policy for "Owner" user allowing "all" Access on all Hive 
> Database, table & column should allow the access.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to