[
https://issues.apache.org/jira/browse/RANGER-5634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramachandran Krishnan updated RANGER-5634:
------------------------------------------
Fix Version/s: 2.9.0
> CTAS & Temporary-Table queries from Hive bypass UDF Select authorization
> ------------------------------------------------------------------------
>
> Key: RANGER-5634
> URL: https://issues.apache.org/jira/browse/RANGER-5634
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Dayakar M
> Assignee: Dayakar M
> Priority: Major
> Fix For: 3.0.0, 2.9.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> In Hive deployments protected by Ranger (Hadoop SQL service), {{CREATE TABLE
> … AS SELECT}} and {{CREATE TEMPORARY TABLE … AS SELECT}} statements that
> invoke a user-defined function (UDF) execute successfully even when the
> caller has no Select/Execute privilege on the UDF.
> Normal DML statements such as {{INSERT … SELECT my_udf()}} are correctly
> denied.
> Hive’s authorization layer attaches UDF privilege object in both the
> cases(CTAS and InsertSelect) mentioned above but its working only for
> InsertSelect.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)