[jira] [Commented] (HIVE-11988) [hive] security issue with hive & ranger for import table command

Thu, 29 Oct 2015 11:12:13 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-11988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14980934#comment-14980934
 ] 

Sushanth Sowmyan commented on HIVE-11988:
-----------------------------------------

Looks like I applied my patch twice to the authorization_uri_import.q.out file. 
New patch uploaded.

Thejas, does your +1 still hold for this update? i.e. since it is only a single 
minor .q.out update, can we commit without rerunning the entire gamut of tests 
again?

I'm uploading my singular test run output for authorization_uri_import.q and 
the hive.log file associated



> [hive] security issue with hive & ranger for import table command
> -----------------------------------------------------------------
>
>                 Key: HIVE-11988
>                 URL: https://issues.apache.org/jira/browse/HIVE-11988
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>    Affects Versions: 0.14.0, 1.2.1
>            Reporter: Deepak Sharma
>            Assignee: Sushanth Sowmyan
>            Priority: Critical
>         Attachments: HIVE-11988.2.patch, HIVE-11988.3.patch, 
> HIVE-11988.4.patch, HIVE-11988.5.patch, HIVE-11988.patch
>
>
> if a user does not have permission to create table in hive , then if the same 
> user import data for a table using following command then , it will have to 
> create table also and that is working successfully , ideally it should not 
> work
> STR:
> ====
> 1. put some raw data in hdfs path /user/user1/tempdata
> 2. in ranger check policy , user1 should not have any permission on any table
> 3. login through user1 into beeline ( obviously it will fail since user 
> doesnt have permission to create table)
> create table tt1(id INT,ff String);
> FAILED: HiveAccessControlException Permission denied: user user1 does not 
> have CREATE privilege on default/tt1 (state=42000,code=40000)
> 4. now try following command to import data into a table ( table should not 
> exist already)
> import table tt1 from '/user/user1/tempdata';
> ER:
> since user1 doesnt have permission to create table so this operation should 
> fail
> AR:
> table is created successfully and data is also imported !!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to