[ https://issues.apache.org/jira/browse/RANGER-1297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Mani updated RANGER-1297:
--------------------------------
Description:
Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE>
when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException
Permission denied: user [user1] does not have [SELECT] privilege on
[database/table] .
It doesn't provide which column it doesn't have SELECT permission.
It should have SELECT permission on all columns (\*) by default to DESCRIBE as
Hive doesn't provide Ranger the necessary hooks to filter out the columns which
user doesn't have access to. Until Hive provides this, the policy in Ranger
should have SELECT on "*" for columns on a table in order for describe to
succeed.
was:
Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE>
when authorization fails due to lack of SELECT on all columns
Currently the message is misleading because it gives HiveAccessControlException
Permission denied: user [user1] does not have [SELECT] privilege on
[database/table] .
It doesn't provide which column it doesn't have SELECT permission.
It should have SELECT permission on all columns (*) by default to DESCRIBE as
Hive doesn't provide Ranger the necessary hooks to filter out the columns which
user doesn't have access to. Until Hive provides this, the policy in Ranger
should have SELECT on "*" for columns on a table in order for describe to
succeed.
> Provide correct Ranger HiveAccessControlException message for DESCRIBE
> <TABLE> when authorization fails due to lack of SELECT on all columns
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1297
> URL: https://issues.apache.org/jira/browse/RANGER-1297
> Project: Ranger
> Issue Type: Bug
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
>
> Provide correct Ranger HiveAccessControlException message for DESCRIBE
> <TABLE> when authorization fails due to lack of SELECT on all columns
> Currently the message is misleading because it gives
> HiveAccessControlException Permission denied: user [user1] does not have
> [SELECT] privilege on [database/table] .
> It doesn't provide which column it doesn't have SELECT permission.
> It should have SELECT permission on all columns (\*) by default to DESCRIBE
> as Hive doesn't provide Ranger the necessary hooks to filter out the columns
> which user doesn't have access to. Until Hive provides this, the policy in
> Ranger should have SELECT on "*" for columns on a table in order for
> describe to succeed.