[ 
https://issues.apache.org/jira/browse/RANGER-5634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramachandran Krishnan updated RANGER-5634:
------------------------------------------
    Fix Version/s: 2.9.0

> CTAS & Temporary-Table queries from Hive bypass UDF Select authorization
> ------------------------------------------------------------------------
>
>                 Key: RANGER-5634
>                 URL: https://issues.apache.org/jira/browse/RANGER-5634
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Dayakar M
>            Assignee: Dayakar M
>            Priority: Major
>             Fix For: 3.0.0, 2.9.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> In Hive deployments protected by Ranger (Hadoop SQL service), {{CREATE TABLE 
> … AS SELECT}} and {{CREATE TEMPORARY TABLE … AS SELECT}} statements that 
> invoke a user-defined function (UDF) execute successfully even when the 
> caller has no Select/Execute privilege on the UDF.
> Normal DML statements such as {{INSERT … SELECT my_udf()}} are correctly 
> denied.
> Hive’s authorization layer attaches UDF privilege object in both the 
> cases(CTAS and InsertSelect) mentioned above but its working only for 
> InsertSelect.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to