[
https://issues.apache.org/jira/browse/HIVE-25532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stamatis Zampetakis updated HIVE-25532:
---------------------------------------
Summary: Missing authorization info for KILL QUERY command (was: Fix
authorization support for Kill Query Command)
> Missing authorization info for KILL QUERY command
> -------------------------------------------------
>
> Key: HIVE-25532
> URL: https://issues.apache.org/jira/browse/HIVE-25532
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: Abhay
> Assignee: Abhay
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> We added authorization for Kill Query command some time back with the help of
> Ranger. Below is the ticket https://issues.apache.org/jira/browse/RANGER-1851
> However, we have observed that this hasn't been working as expected. The
> Ranger service expects Hive to send in a privilege object of the type
> SERVICE_NAME but we can see below
>
> [https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/server/KillQueryImpl.java#L131]
> that it is sending an empty array list.
> The Ranger service never throws an exception to this and this results in any
> user being able to kill any query even though they don't have necessary
> permissions.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
