Ruslan Dautkhanov created SENTRY-1209:
-----------------------------------------
Summary: Sentry does not block Hive's cross-schema table renames
Key: SENTRY-1209
URL: https://issues.apache.org/jira/browse/SENTRY-1209
Project: Sentry
Issue Type: Bug
Components: Core, Hive Binding, Hive Plugin, Sentry
Affects Versions: 1.5.1
Environment: CDH 5.5.2
Reporter: Ruslan Dautkhanov
Priority: Critical
User Pete
has read-write access to schema A
has read-only access to schema B
User Pete nevertheless was able to rename/move Hive table
from schema A to schema B (where he has read-only access):
{quote}
use A;
alter table table_a rename to B.table_a;
{quote}
Hive allows to use rename table syntax to move tables across schemas, not just
rename.
Sentry does not check security boundaries in this case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
