[jira] [Updated] (SENTRY-1465) TRUNCATE table is not working with qualified table names from beeline

Matyas Orhidi (JIRA) Fri, 09 Sep 2016 14:15:07 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Matyas Orhidi updated SENTRY-1465:
----------------------------------
    Description: 
Steps to reproduce the issue:
{code}
0: jdbc:hive2://...> create table temp.a (b int);
...
INFO  : OK
No rows affected (0.163 seconds)
{code}
{code}

0: jdbc:hive2://...> truncate table temp.a;
Error: Error while compiling statement: FAILED: SemanticException No valid 
privileges
 User admin does not have privileges for TRUNCATETABLE
 The required privileges: Server=server1->Db=default->Table=temp->action=*; 
(state=42000,code=40000)
{code}

The user has no privileges in the default database:

{code}
0: jdbc:hive2://...> show current roles;

+---------------+--+
|     role      |
+---------------+--+
| analyst_role  |
+---------------+--+
{code}

{code}
0: jdbc:hive2://...> show grant role analyst_role;

+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database  | table  | partition  | column  | principal_name  | principal_type  
| privilege  | grant_option  |    grant_time     | grantor  |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| temp      |        |            |         | analyst_role    | ROLE            
| *          | false         | 1473206055358000  | --       |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
{code}

A workaround is to add default database privileges to the user


  was:
Steps to reproduce the issue:
{code}
0: jdbc:hive2://...> create table temp.a (b int);
...
INFO  : OK
No rows affected (0.163 seconds)
{code}
{code}

0: jdbc:hive2://...> truncate table temp.a;
Error: Error while compiling statement: FAILED: SemanticException No valid 
privileges
 User admin does not have privileges for TRUNCATETABLE
 The required privileges: Server=server1->Db=default->Table=temp->action=*; 
(state=42000,code=40000)
{code}

The user has no privileges in the default database:

{code}
0: jdbc:hive2://...> show current roles;

+---------------+--+
|     role      |
+---------------+--+
| analyst_role  |
+---------------+--+
{code}

{code}
0: jdbc:hive2://...> show grant role analyst_role;

+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database  | table  | partition  | column  | principal_name  | principal_type  
| privilege  | grant_option  |    grant_time     | grantor  |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| temp      |        |            |         | analyst_role    | ROLE            
| *          | false         | 1473206055358000  | --       |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
{code}



> TRUNCATE table is not working with qualified table names from beeline
> ---------------------------------------------------------------------
>
>                 Key: SENTRY-1465
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1465
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.5.1
>            Reporter: Matyas Orhidi
>
> Steps to reproduce the issue:
> {code}
> 0: jdbc:hive2://...> create table temp.a (b int);
> ...
> INFO  : OK
> No rows affected (0.163 seconds)
> {code}
> {code}
> 0: jdbc:hive2://...> truncate table temp.a;
> Error: Error while compiling statement: FAILED: SemanticException No valid 
> privileges
>  User admin does not have privileges for TRUNCATETABLE
>  The required privileges: Server=server1->Db=default->Table=temp->action=*; 
> (state=42000,code=40000)
> {code}
> The user has no privileges in the default database:
> {code}
> 0: jdbc:hive2://...> show current roles;
> +---------------+--+
> |     role      |
> +---------------+--+
> | analyst_role  |
> +---------------+--+
> {code}
> {code}
> 0: jdbc:hive2://...> show grant role analyst_role;
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database  | table  | partition  | column  | principal_name  | 
> principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | temp      |        |            |         | analyst_role    | ROLE          
>   | *          | false         | 1473206055358000  | --       |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> {code}
> A workaround is to add default database privileges to the user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (SENTRY-1465) TRUNCATE table is not working with qualified table names from beeline

Reply via email to