[ 
https://issues.apache.org/jira/browse/RANGER-5634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18093647#comment-18093647
 ] 

Ramachandran Krishnan commented on RANGER-5634:
-----------------------------------------------

Merged into ranger-2.9 branch commit 
details:https://github.com/apache/ranger/commit/a6387b8f847c92a2979ff427ecaa99749c9d72d1

> CTAS & Temporary-Table queries from Hive bypass UDF Select authorization
> ------------------------------------------------------------------------
>
>                 Key: RANGER-5634
>                 URL: https://issues.apache.org/jira/browse/RANGER-5634
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Dayakar M
>            Assignee: Dayakar M
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> In Hive deployments protected by Ranger (Hadoop SQL service), {{CREATE TABLE 
> … AS SELECT}} and {{CREATE TEMPORARY TABLE … AS SELECT}} statements that 
> invoke a user-defined function (UDF) execute successfully even when the 
> caller has no Select/Execute privilege on the UDF.
> Normal DML statements such as {{INSERT … SELECT my_udf()}} are correctly 
> denied.
> Hive’s authorization layer attaches UDF privilege object in both the 
> cases(CTAS and InsertSelect) mentioned above but its working only for 
> InsertSelect.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to