[
https://issues.apache.org/jira/browse/RANGER-5634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhishek Kumar resolved RANGER-5634.
------------------------------------
Fix Version/s: 3.0.0
Resolution: Fixed
Thank you for your contribution [~Dayakar], the change has been merged in
master:
https://github.com/apache/ranger/commit/409e8a72cacbdf7d160d6ca508d7fb4770188a5f
> CTAS & Temporary-Table queries from Hive bypass UDF Select authorization
> ------------------------------------------------------------------------
>
> Key: RANGER-5634
> URL: https://issues.apache.org/jira/browse/RANGER-5634
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Dayakar M
> Assignee: Dayakar M
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> In Hive deployments protected by Ranger (Hadoop SQL service), {{CREATE TABLE
> … AS SELECT}} and {{CREATE TEMPORARY TABLE … AS SELECT}} statements that
> invoke a user-defined function (UDF) execute successfully even when the
> caller has no Select/Execute privilege on the UDF.
> Normal DML statements such as {{INSERT … SELECT my_udf()}} are correctly
> denied.
> Hive’s authorization layer attaches UDF privilege object in both the
> cases(CTAS and InsertSelect) mentioned above but its working only for
> InsertSelect.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
