[jira] [Updated] (HIVE-15890) hive permission problem

Vladimir Tselm (JIRA) Mon, 13 Feb 2017 07:06:12 -0800

     [ 
https://issues.apache.org/jira/browse/HIVE-15890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Vladimir Tselm updated HIVE-15890:
----------------------------------
    Description: 
Hello
While trying to config hive with ldap authorization, I found a strange issue.

I created users hadoop and hadoop_ro. Second one is absent DROP TABLE privilege:

EXPLAIN  AUTHORIZATION  drop table test;

 Permission denied: Principal [name=hadoop_ro, type=USER] does not have 
following privileges for operation DROPTABLE [[OBJECT OWNERSHIP] on Object 
[type=TABLE_OR_VIEW, name=greenh.test]]  |

Test database is called greenh and created using hadoop user creds.
But I can drop that table with hadoop_ro creds.
drop table test;

Is this a bug, or I missed something?



  was:
i hive with ldap Authentication. 
User hadoop created database "greenh" and table "test"
user hadoop_ro didnt have permission to drop this table
i check it: 

EXPLAIN  AUTHORIZATION  drop table test;

 Permission denied: Principal [name=hadoop_ro, type=USER] does not have 
following privileges for operation DROPTABLE [[OBJECT OWNERSHIP] on Object 
[type=TABLE_OR_VIEW, name=greenh.test]]  |

but user hadoop can drop this table:
drop table test; !!!
Help me please, is it bug or my error on configuration?



> hive permission problem
> -----------------------
>
>                 Key: HIVE-15890
>                 URL: https://issues.apache.org/jira/browse/HIVE-15890
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 2.1.1
>            Reporter: Vladimir Tselm
>
> Hello
> While trying to config hive with ldap authorization, I found a strange issue.
> I created users hadoop and hadoop_ro. Second one is absent DROP TABLE 
> privilege:
> EXPLAIN  AUTHORIZATION  drop table test;
>  Permission denied: Principal [name=hadoop_ro, type=USER] does not have 
> following privileges for operation DROPTABLE [[OBJECT OWNERSHIP] on Object 
> [type=TABLE_OR_VIEW, name=greenh.test]]  |
> Test database is called greenh and created using hadoop user creds.
> But I can drop that table with hadoop_ro creds.
> drop table test;
> Is this a bug, or I missed something?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (HIVE-15890) hive permission problem

Reply via email to