[
https://issues.apache.org/jira/browse/RANGER-5634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhishek Kumar reassigned RANGER-5634:
--------------------------------------
Assignee: Dayakar M
> CTAS & Temporary-Table queries from Hive bypass UDF Select authorization
> ------------------------------------------------------------------------
>
> Key: RANGER-5634
> URL: https://issues.apache.org/jira/browse/RANGER-5634
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Dayakar M
> Assignee: Dayakar M
> Priority: Major
>
> In Hive deployments protected by Ranger (Hadoop SQL service), {{CREATE TABLE
> … AS SELECT}} and {{CREATE TEMPORARY TABLE … AS SELECT}} statements that
> invoke a user-defined function (UDF) execute successfully even when the
> caller has no Select/Execute privilege on the UDF.
> Normal DML statements such as {{INSERT … SELECT my_udf()}} are correctly
> denied.
> Hive’s authorization layer attaches UDF privilege object in both the
> cases(CTAS and InsertSelect) mentioned above but its working only for
> InsertSelect.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
