Jake Moon created RANGER-1947:
---------------------------------

Summary: RangerHivePlugin does not authorize location on INSERT OVERWRITE DIRECTORY query
Key: RANGER-1947
URL: https://issues.apache.org/jira/browse/RANGER-1947
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 0.7.1
Environment: hadoop 2.7.5 + hive 2.3.2 + ranger 0.7.1
Reporter: Jake Moon

{code}
insert overwrite directory '/user/user1/nonewrite3'
ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
SELECT u.id, u.age, u.city, c.city
FROM user_table u JOIN city_table c ON (u.city = c.code)
WHERE u.age > 25 AND u.age <= 28 AND c.city = 'New York'
{code}

This query's hive operation type is HiveOperationType.QUERY, and it also has a write location, 'hdfs://my.cluster/user/user1/nonewrite3'.

RangerHiveAuthorizer must authorize the location, but getURIAccessType(HiveOperationType.QUERY) always returns FsAction.NONE, so it does not work.

If hive-server2 has enough permission on hdfs with no impersonation, every user can format hdfs like this.

{code}
insert overwrite directory '/'
ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
SELECT 1
{code}

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
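
An added example, not part of the original report or of Ranger's code: a stop-gap audit that scans HiveServer2 query records and flags INSERT OVERWRITE DIRECTORY targets outside each user's permitted export prefixes, which is the location check the report says the plugin skips for HiveOperationType.QUERY. The tab-separated record format, the `POLICY` table, the sample lines and all function names are assumptions made for illustration.

```python
import posixpath
import re

# Target of INSERT OVERWRITE DIRECTORY '<path>'. The LOCAL DIRECTORY form
# (HiveServer2's local filesystem) is deliberately not covered here.
_IOD = re.compile(r"\binsert\s+overwrite\s+directory\s+(['\"])(?P<path>.*?)\1",
                  re.IGNORECASE | re.DOTALL)
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://[^/]*", re.IGNORECASE)

def export_target(query):
    """Return the normalized write path of the query, or None if it has none."""
    m = _IOD.search(query)
    if m is None:
        return None
    path = _SCHEME.sub("", m.group("path"))   # drop hdfs://authority
    # Normalize so '..' segments cannot step outside an allowed prefix.
    return posixpath.normpath("/" + path.lstrip("/"))

def is_allowed(user, target, policy):
    """True if target equals or lies under one of the user's prefixes."""
    for prefix in policy.get(user, ()):
        prefix = prefix.rstrip("/")
        if target == prefix or target.startswith(prefix + "/"):
            return True
    return False

def audit(records, policy):
    """Yield (user, target) for every directory export outside policy."""
    findings = []
    for record in records:
        user, _, query = record.partition("\t")
        target = export_target(query)
        if target is not None and not is_allowed(user, target, policy):
            findings.append((user, target))
    return findings

# Constructed policy and constructed records ("user<TAB>query"), for the demo.
POLICY = {"user1": ["/user/user1/export"]}
SAMPLE_LOG = [
    "user1\tinsert overwrite directory '/user/user1/nonewrite3' "
    "ROW FORMAT DELIMITED FIELDS TERMINATED BY ',' SELECT 1",
    "user1\tinsert overwrite directory '/' SELECT 1",
    "user1\tINSERT OVERWRITE DIRECTORY "
    "'hdfs://my.cluster/user/user1/export/run1' SELECT 1",
    "user1\tSELECT id FROM user_table",
]

if __name__ == "__main__":
    for user, target in audit(SAMPLE_LOG, POLICY):
        print(f"unauthorized export target: user={user} path={target}")
```
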